Lead Hunter 2020 Data Breach

Lead Hunter Marketing Lead Database Breach: 68M Consumer Records Including Phone & Home Address | ObscureIQ
ObscureIQ Breach Intelligence

Classification Tags

UnknownScraping / CollectionData BrokerEmail AddressFull NameGenderIP AddressPhone NumberPhysical Address
Low SeverityWebsite / service breach

Lead Hunter Marketing Lead Database Breach: 68M Consumer Records Including Phone & Home Address

Marketing lead database aggregator'

Verified by ObscureIQ Intelligence
24/100Breach Risk Index
14Data Value
10Market Recency
2226dSince Breach

Breach Intelligence Summary

Entity: Lead Hunter · Actor: Unknown (unattributable) · Sources: 4 references
Attack: Scraping / Collection
Profile: Data Broker · Lead generation and marketing contact aggregation services · Marketing lead database platform · Global
Timeline: Breach (2020-03-04) · Indexed (Jun 03, 2020) · Year (2020)
Exposure: 68.7M records · 6 fields: Email Address, Full Name, Gender, IP Address, Phone Number, Physical Address
Status: Compilation

Executive Summary

In March 2020, an unattributable dataset dubbed "Lead Hunter" was found exposed on a publicly facing Elasticsearch server and provided to Have I Been Pwned (via dehashed.com). It contained ~69 million unique email addresses across ~110 million rows, along with names, phone numbers, genders, IP addresses, and physical addresses. Troy Hunt could not attribute it to a specific company; it appears to be publicly scraped web-domain/contact data repurposed as a large spam database (~93% of emails were already known to HIBP). It is best characterized as a scraped/compiled spam database, not a breach of a named entity.

ObscureIQ assessment: High risk of phishing, spam, and business impersonation. The data is immediately operational for fraud because it is organized for outreach.

Breach Impact

The dataset ties names, emails, phone numbers, genders, IP addresses, and physical addresses for ~69 million people, enabling spam, targeted phishing/smishing, SIM-swap targeting, and doxxing. Because it was scraped/compiled from public sources and repurposed as a spam database, affected individuals had no direct relationship to any single "Lead Hunter" entity.

About Lead Hunter

"Lead Hunter" is the name given to an unattributable dataset, not a confirmed company. It appears to be a large marketing/spam database compiled by scraping publicly available web-domain (WHOIS-style) and contact data.

Why They Hold Your Data

Lead-generation platforms aggregate marketing contact records, emails, phone numbers, company data, and prospecting information for outreach and sales workflows.

Recent Developments

In March 2020, the "Lead Hunter" dataset was found exposed on a publicly facing Elasticsearch server and provided to Have I Been Pwned (via dehashed.com). Troy Hunt could not attribute it to a specific entity; about 93% of the emails were already in HIBP, indicating heavily recycled/scraped data.

Data Points Exposed

6 verified field types
Email Address
Full Name High
Gender
IP Address
Phone Number
Physical Address High

Field names are shown in full for clarity and search visibility. Canonical machine keys are emitted only in this page’s structured data.

Exploitation & Downstream Threats

Threat Activity:High
Primary downstream threats:
  • Spam, phishing, and smishing using name/email/phone
  • SIM-swap targeting using phone numbers
  • Doxxing and physical targeting from exposed addresses
  • Identity enrichment from aggregated public data
Threat vectors:
  • Mass spam & phishing/smishing
  • SIM swapping & phone targeting
  • Profile enrichment
  • Home targeting & doxxing

Threat Actor: Unknown (unattributable)

Unknown (unattributable)
Scraping / Collection

Attribution and method are based on available breach intelligence. Reported attack vector: Scraping / Collection.

Recommended Actions

If you believe your information may be included:

Enable MFA Everywhere
Turn on multi-factor authentication on email first, then financial accounts.
Report & Recover
If you spot misuse, start an official recovery plan and report fraud.

Frequently Asked Questions

What happened in the Lead Hunter breach?

In March 2020, an unattributable dataset dubbed "Lead Hunter" was found exposed on a publicly facing Elasticsearch server and provided to Have I Been Pwned (via dehashed.com). It contained ~69 million unique email addresses across ~110 million rows, along with names, phone numbers, genders, IP…

What data was exposed?

Verified fields include Email Address, Full Name, Gender, IP Address, Phone Number, Physical Address.

What should I do if I was affected?

Change reused passwords, enable MFA, and (if identity or financial data is involved) freeze your credit and monitor your accounts.

Sources & References

Every claim on this page is traceable. This breach draws on:

Breach Index
Have I Been Pwned
Record & field corroboration
Cross-source
Dehashed
Independent catalogue listing
Cross-source
Keeper
Independent catalogue listing
ObscureIQ Intelligence
ObscureIQ proprietary analysis
Risk Index scoring & downstream-threat assessment

Protect Yourself

Check If You're Affected

Enter your email to check whether your data appears in this breach. We’ll send a 6-digit code to confirm it’s your address.

Get Free Breach Alerts

Be the first to know when new breaches are disclosed. Free forever — confirm your email with a 6-digit code.

High-Risk? Get an Exposure Audit

Executives, public figures, and high-visibility operators can receive tailored exposure intelligence and hardening guidance.

Request Consultation