Written by Ana Magazinius, RISE Viktoria.
After running into the same 413GB non-password protected database several times in a short period of time, Jeremiah Fowler, a senior security researcher at Security Discovery, became curious of what it was (link: https://securitydiscovery.com/dealer-leads/). After researching where the dataset originated from, he found that all roads lead to the same place – DealerLeads (https://dealerleads.com/). Fowler alerted the company of the issue, following which the DealerLeads made sure that the database was not publicly available anymore. However, it is still unclear if the data was accessed during the time it was publicly exposed. If it was, this is an enormous data breach since the database turned out to contain 198 million records with names, email, IP and physical addresses, phone numbers, as well as, “other sensitive or identifiable information exposed to the public internet in plain text.”