Data & Leads 2018 Data Breach

Data & Leads B2B Contact Aggregator Breach: 44M Professional Records Including Job Titles & Addresses | ObscureIQ
ObscureIQ Breach Intelligence

Classification Tags

UnknownDatabase ExposureData BrokerEmail AddressEmployerFull NameIP AddressJob InformationPhone NumberPhysical Address
Low SeverityAggregated / marketing data

Data & Leads B2B Contact Aggregator Breach: 44M Professional Records Including Job Titles & Addresses

Marketing / B2B lead-generation data aggregator.

Verified by ObscureIQ Intelligence
24/100Breach Risk Index
14Data Value
10Market Recency
2779dSince Breach

Breach Intelligence Summary

Entity: Data & Leads · Actor: Unknown (researcher-found exposure) · Sources: 2 references
Attack: Database Exposure
Profile: Data Broker · Business data extraction and lead generation · Lead data provider · Saudi Arabia
Timeline: Breach (2018-11-14) · Indexed (Nov 28, 2018) · Year (2018)
Exposure: 44.3M records · 7 fields: Email Address, Employer, Full Name, IP Address, Job Information, Phone Number, Physical Address
Status: Confirmed

Executive Summary

In November 2018, security researcher Bob Diachenko identified an unprotected, publicly facing Elasticsearch database containing over 44 million records, later linked to marketing/lead-generation company Data & Leads. Exposed data included email addresses, names, phone numbers, physical and IP addresses, and employment information (employers, job titles). Data & Leads did not respond to inquiries and its website went offline shortly afterward. The data was added to Have I Been Pwned.

ObscureIQ assessment: Exposure enables phishing, business impersonation, and abuse of marketing or sales pipelines. Lead datasets are immediately useful because they are structured for contact targeting.

Breach Impact

The exposure tied names, emails, phone numbers, physical addresses, employers, and job titles for tens of millions of individuals, enabling targeted phishing, employment/business-themed social engineering, SIM-swap targeting, and doxxing. Because affected people were aggregated as marketing "leads" (often without a direct relationship), most had no way to know their data was held.

About Data & Leads

Data & Leads was a marketing and B2B lead-generation company that aggregated professional and consumer contact records. It maintained large volumes of names, emails, phone numbers, addresses, and employment details used for sales/marketing lead generation.

Why They Hold Your Data

Lead-data providers collect and aggregate business and contact records, marketing profiles, and outreach-linked information for sales and lead-generation use.

Recent Developments

In November 2018, researcher Bob Diachenko found an unprotected Elasticsearch database (~44M records) linked to Data & Leads. The company did not respond to inquiries, and its website subsequently went offline.

Data Points Exposed

7 verified field types
Email Address
Employer
Full Name High
IP Address
Job Information
Phone Number
Physical Address High

Field names are shown in full for clarity and search visibility. Canonical machine keys are emitted only in this page’s structured data.

Exploitation & Downstream Threats

Threat Activity:High
Primary downstream threats:
  • Targeted phishing and business/employment-themed social engineering
  • SIM-swap targeting using phone numbers
  • Doxxing and physical targeting from exposed addresses
  • Lead/identity enrichment for downstream fraud
Threat vectors:
  • Employment/business spear-phishing
  • Profile enrichment & lead aggregation
  • SIM swapping & phone targeting
  • Home targeting & doxxing

Threat Actor: Unknown (researcher-found exposure)

Unknown (researcher-found exposure)
Database Exposure

Attribution and method are based on available breach intelligence. Reported attack vector: Database Exposure.

Recommended Actions

If you believe your information may be included:

Enable MFA Everywhere
Turn on multi-factor authentication on email first, then financial accounts.
Report & Recover
If you spot misuse, start an official recovery plan and report fraud.

Frequently Asked Questions

What happened in the Data & Leads breach?

In November 2018, security researcher Bob Diachenko identified an unprotected, publicly facing Elasticsearch database containing over 44 million records, later linked to marketing/lead-generation company Data & Leads. Exposed data included email addresses, names, phone numbers, physical and IP…

What data was exposed?

Verified fields include Email Address, Employer, Full Name, IP Address, Job Information, Phone Number, Physical Address.

What should I do if I was affected?

Change reused passwords, enable MFA, and (if identity or financial data is involved) freeze your credit and monitor your accounts.

Sources & References

Every claim on this page is traceable. This breach draws on:

Breach Index
Have I Been Pwned
Record & field corroboration
ObscureIQ Intelligence
ObscureIQ proprietary analysis
Risk Index scoring & downstream-threat assessment

Protect Yourself

Check If You're Affected

Enter your email to check whether your data appears in this breach. We’ll send a 6-digit code to confirm it’s your address.

Get Free Breach Alerts

Be the first to know when new breaches are disclosed. Free forever — confirm your email with a 6-digit code.

High-Risk? Get an Exposure Audit

Executives, public figures, and high-visibility operators can receive tailored exposure intelligence and hardening guidance.

Request Consultation