DemandScience 2024 Data Breach

DemandScience B2B Lead Intelligence Breach (2024): 132M Professional Contact Records Exposed | ObscureIQ
ObscureIQ Breach Intelligence

Classification Tags

Data BrokerEmail AddressEmployerFull NameIP AddressJob InformationPhone NumberPhysical AddressSocial Media Profile
Low SeverityWebsite / service breach

DemandScience B2B Lead Intelligence Breach (2024): 132M Professional Contact Records Exposed

B2B lead intelligence and marketing data provider (formerly Pure Incubation)

Verified by ObscureIQ Intelligence
34/100Breach Risk Index
10Data Value
25Market Recency
527dSince Breach

Breach Intelligence Summary

Entity: DemandScience · Actor: Unknown · Sources: 3 references
Attack: Unknown
Profile: Data Broker · B2B contact data aggregation and sales intelligence · B2B lead intelligence and marketing data provider · USA
Timeline: Breach (2024-02-28) · Indexed (Nov 16, 2024) · Year (2024)
Exposure: 132.7M records · 8 fields: Email Address, Employer, Full Name, IP Address, Job Information, Phone Number, Physical Address, Social Media Profile
Status: Reported

Executive Summary

DemandScience, a B2B data and revenue marketing company, suffered a breach affecting 132.7 million records when a large corpus of its data appeared for sale on a hacking forum. The breach was later attributed to a leak from a decommissioned legacy system. DemandScience aggregates business contact information to help enterprise sales and marketing teams identify and reach buyers, which is why consumer data ended up in its systems without any direct relationship between the company and the individuals affected. The exposed data included roughly 122 million unique corporate email addresses, along with names, phone numbers, physical addresses, employer details, job titles, and LinkedIn profile links. Although much of this information was drawn from public sources, the breach packaged it into a clean, normalized dataset that is far more useful to attackers than scattered public records. That combination makes it well-suited for spearphishing, business email compromise, and executive impersonation campaigns targeting both individuals and the organizations they work for. No regulatory actions or notifications have been publicly reported in connection with this breach. Because affected individuals likely had no prior awareness that DemandScience held their data, many will not know to take precautions. People whose information was exposed should be alert to unsolicited contact that references their employer, job title, or workplace details, as attackers can use this data to craft convincing, targeted messages.

ObscureIQ assessment: High risk because the data is already normalized for targeting. Exposure enables spearphishing, executive targeting, business impersonation, and BEC-style attacks.

Breach Impact

The 2024 breach highlighted the scale and downstream risk of brokered B2B contact intelligence. HIBP says the exposed corpus was later attributed to a leak from a decommissioned legacy system and consisted largely of business contact data aggregated from public sources, including about 122 million unique corporate email addresses along with names, phone numbers, physical addresses, employers, and job titles. Even though much of the data was framed as public-source business information, packaging it into a normalized breach corpus made it far more useful for phishing, executive targeting, business email compromise pretexting, enrichment, and large-scale corporate identity mapping.

About DemandScience

DemandScience is a B2B revenue marketing and data company that sells buyer intelligence, contact data, intent signals, campaign execution, and related go-to-market services to enterprise sales and marketing teams. Its business is built around helping customers identify, score, and reach business buyers through a mix of data assets, software, and managed services.

Why They Hold Your Data

B2B lead-intelligence providers aggregate business contact records, company profiles, job titles, emails, phone numbers, and intent-linked marketing data across sales and outreach workflows.

Recent Developments

DemandScience remains an active growth-stage player in the B2B data and revenue-marketing market, and its recent public activity points to expansion rather than retrenchment. In 2025 it announced the acquisitions of Bound and DemandJump, said it had returned to growth, added a new CFO, and in 2026 announced additional leadership hires tied to AI-driven precision performance marketing.

Data Points Exposed

8 verified field types
Email Address
Employer
Full Name High
IP Address
Job Information
Phone Number
Physical Address High
Social Media Profile

Field names are shown in full for clarity and search visibility. Canonical machine keys are emitted only in this page’s structured data.

Exploitation & Downstream Threats

Threat Activity:High
Primary downstream threats:
  • SIM swap attacks where phone numbers are present
  • Targeted phishing campaigns using exposed email addresses
  • Doxxing risk from physical address exposure
  • Employment-based social engineering using job and employer data
  • Social media account targeting and impersonation
Threat vectors:
  • Phishing, credential stuffing & account takeover
  • Business Email Compromise seeding
  • Name-based social engineering
  • Geolocation & account flagging
  • Vishing & authority impersonation
  • SIM swapping, vishing & SMS phishing
  • Physical stalking, mail fraud & identity verification
  • Home targeting, stalking & physical threat
  • Account impersonation & social graph harvesting

Recommended Actions

If you believe your information may be included:

Enable MFA Everywhere
Turn on multi-factor authentication on email first, then financial accounts.
Find 2FA settings
Report & Recover
If you spot misuse, start an official recovery plan and report fraud.
IdentityTheft.govReport to FTC

Frequently Asked Questions

What happened in the DemandScience breach?

DemandScience, a B2B data and revenue marketing company, suffered a breach affecting 132.7 million records when a large corpus of its data appeared for sale on a hacking forum. The breach was later attributed to a leak from a decommissioned legacy system. DemandScience aggregates business contact…

What data was exposed?

Verified fields include Email Address, Employer, Full Name, IP Address, Job Information, Phone Number, Physical Address, Social Media Profile.

What should I do if I was affected?

Change reused passwords, enable MFA, and (if identity or financial data is involved) freeze your credit and monitor your accounts.

Sources & References

Every claim on this page is traceable. This breach draws on:

Breach Index
DataBreach.com
Record & field corroboration
Breach Index
Have I Been Pwned
Record & field corroboration
ObscureIQ Intelligence
ObscureIQ proprietary analysis
Risk Index scoring & downstream-threat assessment

Protect Yourself

Check If You're Affected

Enter your email to check whether your data appears in this breach. We’ll send a 6-digit code to confirm it’s your address.

Get Free Breach Alerts

Be the first to know when new breaches are disclosed. Free forever — confirm your email with a 6-digit code.

High-Risk? Get an Exposure Audit

Executives, public figures, and high-visibility operators can receive tailored exposure intelligence and hardening guidance.

Request Consultation