Data breach exposes 122M records from DemandScience following initial denials

A database with information on 122 million those that has been circulating since February 2024 has been confirmed to have been stolen from the business-to-business demand generation platform DemandScience US LLC.

The database first appeared on the market on the infamous hacking forum BreachForums from a user called “KryptonZambie,” who claimed that the info was stolen from Pure Incubation, the name that DemandScience was previously known. Nonetheless, on the time, DemandScience denied that the info belonged to it.

“All our systems are 100% operational, and we’ve not found any indication that a hack or breach to any of our systems or data has occurred (all are secured behind firewall/VPN access/Access control/intrusion detection systems),” a spokesperson for the corporate said on the time. “We’re continuing to watch the situation, so it could not be appropriate to expand further at this point.”

Bleeping Computer, which obtained the response from DemandScience, followed up again but didn’t receive a response from the corporate.

Forward to August and the identical data set was then offered by KryptonZambie on BrechForums for eight credits — the equivalent of a number of dollars, making the info near free.

Now, security researcher Troy Hunt from Have I Been Pwned wrote Wednesday that the info is authentic and that its origin is DemandScience. The confirmation got here from someone exposed within the leak who contacted DemandSciene and was told that the leaked data “originated from a system that had been decommissioned two years ago,” despite DemandScience previously denying any links to the info.

Aaron Walton, threat intelligence analyst at managed detection and response firm Expel Inc., told SiliconANGLE via email that “all businesses should take into consideration their data exposure when it comes to risk” and that “within the case of knowledge aggregation platforms, the theft of their data equates to the theft of their most prized possession.”

“With this data stolen and made public, it allows for a major impact on their business,” Walton said. “That’s, why should an organization pay DemandScience in the event that they can find the data they need for affordable?”

A breach like this will go undetected if organizations aren’t monitoring the total breadth of their security, he added.

“On this case, it appears like some tech was decommissioned but not fully sunsetted,” he said. “When possible, it’s best to have a powerful process to verify that assets are fully decommissioned.”

Image: SiliconANGLE/Ideogram