Elasticsearch Sales Leads (AWS) 2018.0 Data Breach

Elasticsearch Sales Leads Exposure (2018): 5.8 Million B2B Contact Records Left Open on AWS | ObscureIQ
ObscureIQ Breach Intelligence

Classification Tags

Database ExposureData BrokerEmail AddressEmployerFull NamePhysical Address
Low SeverityWebsite / service breach

Elasticsearch Sales Leads Exposure (2018): 5.8 Million B2B Contact Records Left Open on AWS

Sales leads and B2B contact intelligence.

Verified by ObscureIQ Intelligence
24/100Breach Risk Index
14Data Value
10Market Recency
2790dSince Breach

Breach Intelligence Summary

Entity: Elasticsearch Sales Leads (AWS) · Actor: Unknown · Sources: 2 references
Attack: Database Exposure
Profile: Data Broker / Marketing Exposure · Sales leads and B2B contact intelligence · Exposed sales lead database · Global
Timeline: Breach (2018-10-01) · Indexed (Nov 17, 2018) · Year (2018.0)
Exposure: Undisclosed records · 4 fields: Email Address, Employer, Full Name, Physical Address
Status: Compilation

Executive Summary

In October 2018, security researcher Bob Diachenko found an exposed Elasticsearch instance on AWS containing sales-lead data with 5.8 million unique email addresses, along with names and the companies/contact information they were associated with. The owner of the data was never identified. Systems were not hacked; the aggregated B2B lead data was left publicly accessible.

ObscureIQ assessment: This kind of dataset enables spearphishing, executive impersonation, invoice fraud, and account-targeting against business users because it maps who works where and how to reach them. It is especially valuable for B2B fraud because it provides ready-made contact intelligence for high-volume outreach.

Breach Impact

In October 2018, security researcher Bob Diachenko found an exposed Elasticsearch instance on AWS containing sales-lead data with 5.8 million unique email addresses, along with names and the companies/contact information they were associated with. The owner of the data was never identified. Systems were not hacked; the aggregated B2B lead data was left publicly accessible.

About Elasticsearch Sales Leads (AWS)

In October 2018, security researcher Bob Diachenko found an exposed Elasticsearch instance on AWS containing sales-lead data with 5.8 million unique email addresses, along with names and the companies/contact information they were associated with. The owner of the data was never identified. Systems…

Why They Hold Your Data

Sales lead databases usually contain names, job titles, company names, work emails, phone numbers, business addresses, firmographic data, and engagement notes used for prospecting and outreach. Their workflows are driven by lead capture, enrichment, segmentation, scoring, and distribution to sales or marketing teams.

Data Points Exposed

4 verified field types
Email Address
Employer
Full Name High
Physical Address High

Field names are shown in full for clarity and search visibility. Canonical machine keys are emitted only in this page’s structured data.

Exploitation & Downstream Threats

Threat Activity:High
Primary downstream threats:
Threat vectors:
  • Phishing, credential stuffing & account takeover
  • Business Email Compromise seeding
  • Name-based social engineering
  • Physical stalking, mail fraud & identity verification

Recommended Actions

If you believe your information may be included:

Enable MFA Everywhere
Turn on multi-factor authentication on email first, then financial accounts.
Report & Recover
If you spot misuse, start an official recovery plan and report fraud.

Frequently Asked Questions

What happened in the Elasticsearch Sales Leads (AWS) breach?

In October 2018, security researcher Bob Diachenko found an exposed Elasticsearch instance on AWS containing sales-lead data with 5.8 million unique email addresses, along with names and the companies/contact information they were associated with. The owner of the data was never identified. Systems…

What data was exposed?

Verified fields include Email Address, Employer, Full Name, Physical Address.

What should I do if I was affected?

Change reused passwords, enable MFA, and (if identity or financial data is involved) freeze your credit and monitor your accounts.

Sources & References

Every claim on this page is traceable. This breach draws on:

Breach Index
Have I Been Pwned
Record & field corroboration
ObscureIQ Intelligence
ObscureIQ proprietary analysis
Risk Index scoring & downstream-threat assessment

Protect Yourself

Check If You're Affected

Enter your email to check whether your data appears in this breach. We’ll send a 6-digit code to confirm it’s your address.

Get Free Breach Alerts

Be the first to know when new breaches are disclosed. Free forever — confirm your email with a 6-digit code.

High-Risk? Get an Exposure Audit

Executives, public figures, and high-visibility operators can receive tailored exposure intelligence and hardening guidance.

Request Consultation