An unprotected database exposed around 198 million personal records of car buyers’ online. Jeremiah Fowler, a security researcher at Security Discovery, stated that he discovered a database, that contained 413 GB of data, that was left online without any password protection.
“On August 19th I reported a non-password protected database that contained a massive 413GB of data and a total of 198 million records. The most shocking part was that I had seen this dataset several times in the previous weeks but was unable to identify the owner. It was clear that this was a compilation of potential car buyers wanting more information, loan and finance inquiries, vehicles that were for sale, log data with IP addresses of visitors, and more,” Jeremiah said in a post.
The researcher found that the leaky database is an Elastic database that contained a compiled list of potential car buyers who requested for information like, vehicles for sale, loan and finance inquiries, log data with IP addresses of visitors, and more. Upon further investigation, Fowler discovered that the car buyer marketing database is maintained by an agency dealerleads.com. The database was taken down by DealerLeads after Fowler reported the issue.
The exposed data included, names, phone numbers, email addresses, street addresses, ports, pathways, storage info, and other sensitive information which could be exploited by cybercriminals, according to Jeremiah Fowler.
“I initially thought this database could be a directory, but there would not be such detailed information or back-end records. Another concern was that there were so many different websites that it almost seemed illogical that they could be owned by one organization. Only by manually reviewing multiple domains did I discover that they are all linked back to dealerleads.com. I immediately reached out to them regarding my discovery on Aug 19,” Fowler stated.