Marketing / B2B lead-generation data aggregator.
In November 2018, security researcher Bob Diachenko identified an unprotected, publicly facing Elasticsearch database containing over 44 million records, later linked to marketing/lead-generation company Data & Leads. Exposed data included email addresses, names, phone numbers, physical and IP addresses, and employment information (employers, job titles). Data & Leads did not respond to inquiries and its website went offline shortly afterward. The data was added to Have I Been Pwned.
ObscureIQ assessment: Exposure enables phishing, business impersonation, and abuse of marketing or sales pipelines. Lead datasets are immediately useful because they are structured for contact targeting.
The exposure tied names, emails, phone numbers, physical addresses, employers, and job titles for tens of millions of individuals, enabling targeted phishing, employment/business-themed social engineering, SIM-swap targeting, and doxxing. Because affected people were aggregated as marketing "leads" (often without a direct relationship), most had no way to know their data was held.
Data & Leads was a marketing and B2B lead-generation company that aggregated professional and consumer contact records. It maintained large volumes of names, emails, phone numbers, addresses, and employment details used for sales/marketing lead generation.
Lead-data providers collect and aggregate business and contact records, marketing profiles, and outreach-linked information for sales and lead-generation use.
In November 2018, researcher Bob Diachenko found an unprotected Elasticsearch database (~44M records) linked to Data & Leads. The company did not respond to inquiries, and its website subsequently went offline.
Field names are shown in full for clarity and search visibility. Canonical machine keys are emitted only in this page’s structured data.
Attribution and method are based on available breach intelligence. Reported attack vector: Database Exposure.
If you believe your information may be included:
In November 2018, security researcher Bob Diachenko identified an unprotected, publicly facing Elasticsearch database containing over 44 million records, later linked to marketing/lead-generation company Data & Leads. Exposed data included email addresses, names, phone numbers, physical and IP…
Verified fields include Email Address, Employer, Full Name, IP Address, Job Information, Phone Number, Physical Address.
Change reused passwords, enable MFA, and (if identity or financial data is involved) freeze your credit and monitor your accounts.
Every claim on this page is traceable. This breach draws on:
Enter your email to check whether your data appears in this breach. We’ll send a 6-digit code to confirm it’s your address.
Be the first to know when new breaches are disclosed. Free forever — confirm your email with a 6-digit code.
Executives, public figures, and high-visibility operators can receive tailored exposure intelligence and hardening guidance.
Request Consultation