Latest in Culture

Image credit: alexskopje

Corporate database leak exposes millions of contact details

They include over 100,000 military personnel.
516 Shares
Share
Tweet
Share

Sponsored Links

alexskopje

A 52.2GB corporate database that has leaked online compromises the contact details over 33.7 million employees in the United States. The list includes government workers, most of whom are soldiers and other military personnel from the Department of Defense. According to ZDNet, the database came from business services firm Dun & Bradstreet, which sells it to marketers that send targeted email campaigns. Dun & Bradstreet denies suffering a security breach -- the company says the leaked information matches the type and format it delivers to customers. It could have come from any of its thousands of clients.

Troy Hunt, who runs breach notification website Have I Been Pwned, was the one who discovered the leak. After analyzing its contents, he found that they're composed of millions of people's names, their corresponding work email addresses and phone numbers, as well as their companies and job titles. Since it's a database sold to marketers, the leaked details all came from US-based companies and government agencies. Based on Hunt's analysis, here are the top ten entities in the list, along with the number of affected employees:

1. Department of Defense: 101,013
2. United States Postal Service: 88,153
3. AT&T: 6,7382
4. Wal-Mart: 55,421
5. CVS: 40,739
6. The Ohio State University: 38,705
7. Citigroup: 35,292
8. Wells Fargo Bank, National Association: 34,928
9. Kaiser Foundation Hospitals : 34,805
10. International Business Machines (IBM) Corporation: 33,412

While the database doesn't contain more sensitive information, such as credit card numbers or SSNs, Hunt says it's an "absolute goldmine for [targeted] phishing."

He told ZDNet:

"From this data, you can piece together organizational structures and tailor messaging to create an air of authenticity and that's something that's attractive to crooks and nation-state actors alike."

Hunt has already uploaded the contents of the database on Have I Been Pwned, so you can check if your details have been compromised anytime.

Source: ZDNet, Troy Hunt
In this article: culture, databaseleak, leak, security
All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission.
Comment
Comments
Share
516 Shares
Share
Tweet
Share

Popular on Engadget

‘Harry Potter: Wizards Unite’ gathered location data while users slept

‘Harry Potter: Wizards Unite’ gathered location data while users slept

View
Yahoo is shutting down its Groups website and deleting all content

Yahoo is shutting down its Groups website and deleting all content

View
Google discontinues Clips, the AI-powered camera you forgot about

Google discontinues Clips, the AI-powered camera you forgot about

View
Netflix grows to 158 million subscribers as Disney+ looms

Netflix grows to 158 million subscribers as Disney+ looms

View
Virgin Galactic passengers will wear these Under Armour spacesuits

Virgin Galactic passengers will wear these Under Armour spacesuits

View

From around the web

Page 1Page 1ear iconeye iconFill 23text filevr