Data breach exposes 122M records from DemandScience following initial denials

Date:

A database with information on 122 million those that has been circulating since February 2024 has been confirmed to have been stolen from the business-to-business demand generation platform DemandScience US LLC.

The database first appeared on the market on the infamous hacking forum BreachForums from a user called “KryptonZambie,” who claimed that the info was stolen from Pure Incubation, the name that DemandScience was previously known. Nonetheless, on the time, DemandScience denied that the info belonged to it.

“All our systems are 100% operational, and we’ve not found any indication that a hack or breach to any of our systems or data has occurred (all are secured behind firewall/VPN access/Access control/intrusion detection systems),” a spokesperson for the corporate said on the time. “We’re continuing to watch the situation, so it could not be appropriate to expand further at this point.”

Bleeping Computer, which obtained the response from DemandScience, followed up again but didn’t receive a response from the corporate.

Forward to August and the identical data set was then offered by KryptonZambie on BrechForums for eight credits — the equivalent of a number of dollars, making the info near free.

Now, security researcher Troy Hunt from Have I Been Pwned wrote Wednesday that the info is authentic and that its origin is DemandScience. The confirmation got here from someone exposed within the leak who contacted DemandSciene and was told that the leaked data “originated from a system that had been decommissioned two years ago,” despite DemandScience previously denying any links to the info.

Aaron Walton, threat intelligence analyst at managed detection and response firm Expel Inc., told SiliconANGLE via email that “all businesses should take into consideration their data exposure when it comes to risk” and that “within the case of knowledge aggregation platforms, the theft of their data equates to the theft of their most prized possession.”

“With this data stolen and made public, it allows for a major impact on their business,” Walton said. “That’s, why should an organization pay DemandScience in the event that they can find the data they need for affordable?”

A breach like this will go undetected if organizations aren’t monitoring the total breadth of their security, he added.

“On this case, it appears like some tech was decommissioned but not fully sunsetted,” he said. “When possible, it’s best to have a powerful process to verify that assets are fully decommissioned.”

Image: SiliconANGLE/Ideogram

Your vote of support is essential to us and it helps us keep the content FREE.

One click below supports our mission to offer free, deep, and relevant content.  

Join our community on YouTube

Join the community that features greater than 15,000 #CubeAlumni experts, including Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger, and lots of more luminaries and experts.

“TheCUBE is a vital partner to the industry. You guys really are a component of our events and we actually appreciate you coming and I do know people appreciate the content you create as well” – Andy Jassy

THANK YOU

Share post:

Popular

More like this
Related

Save on a Ryzen-Powered Gaming Machine

The Dell G15 Gaming Laptop is currently available for...

Bill Belichick Interviewed For North Carolina HC Job; Latest On NFL Interest

This season marked Bill Belichick‘s first out of the...

Lance Bass Says His CW Show Was Killed After Coming Out as Gay

Lance Bass opened up about one in all the...