Speedio 2024 Data Breach

Speedio Corporate Intelligence Database Breach: 27M Business Contact Records Exposed | ObscureIQ
ObscureIQ Breach Intelligence

Classification Tags

Data BrokerEmail AddressEmployerPhone NumberPhysical Address
Low SeverityWebsite / service breach

Speedio Corporate Intelligence Database Breach: 27M Business Contact Records Exposed

Business intelligence and contact data aggregation services.

Verified by ObscureIQ Intelligence
34/100Breach Risk Index
10Data Value
25Market Recency
452dSince Breach

Breach Intelligence Summary

Entity: Speedio · Actor: Unknown · Sources: 2 references
Attack: Unknown
Profile: Data Broker · Business intelligence and contact data aggregation services · Corporate contact and business intelligence database · Japan
Timeline: Breach (2024-12-24) · Indexed (Jan 30, 2025) · Year (2024)
Exposure: 27.5M records · 4 fields: Email Address, Employer, Phone Number, Physical Address
Status: Confirmed

Executive Summary

Speedio, a Brazilian B2B lead generation platform, suffered a data exposure in December 2024 when a dataset allegedly taken from an unsecured Elasticsearch instance was posted for sale on a hacking forum. The exposed corpus contained over 62 million records, including approximately 27.5 million unique email addresses. The attacker and precise method of access have not been confirmed. Speedio did not respond to disclosure attempts, and the origin of the data could not be independently verified. The exposed data includes company names, email addresses, phone numbers, and physical addresses. Because Speedio aggregates business contact information rather than serving consumers directly, the individuals and companies represented in the dataset were not Speedio customers. They were third parties whose details had been collected and indexed without their direct involvement. This distinction matters: affected people may have no awareness that their business contact information was held by Speedio at all. No formal regulatory action or breach notification has been documented. The practical risk to affected individuals is elevated. The dataset was already structured and normalized for sales outreach, making it immediately useful for spearphishing campaigns, targeted scams, and business impersonation. People whose email addresses or phone numbers appear in the data should be alert to unsolicited contact that references their employer, role, or business relationships.

ObscureIQ assessment: High risk of spearphishing, executive targeting, and business relationship mapping. The data is especially dangerous because it is already normalized for outreach and enrichment.

Breach Impact

In December 2024 a dataset alleged to have been taken from Speedio via an unsecured Elasticsearch instance was posted for sale on a hacking forum. The exposed corpus contained over 62 million records of largely public business information including company names, phone numbers, and physical addresses, with approximately 27.5 million unique email addresses confirmed in the dataset. Because Speedio aggregates commercial data rather than consumer personal information, the individuals and businesses represented in the dataset were not Speedio customers. The exposure was of aggregated B2B contact data rather than account holder personal records. No formal notification or regulatory action has been documented.

About Speedio

Speedio is a Brazilian B2B lead generation platform that aggregates business data — company names, contact information, industry classifications, and decision-maker details — to help sales and marketing teams identify prospective clients. The platform sources its data from public business registries, websites, and commercial databases and markets access to its indexed corpus on a subscription basis. It is not a consumer-facing service.

Why They Hold Your Data

Business-intelligence and contact-data platforms aggregate company records, executive identities, emails, phone numbers, and firmographic data for sales and research workflows.

Recent Developments

Speedio continues to operate as a Brazilian B2B sales intelligence platform. No major organizational changes have been publicly reported.

Data Points Exposed

4 verified field types
Email Address
Employer
Phone Number
Physical Address High

Field names are shown in full for clarity and search visibility. Canonical machine keys are emitted only in this page’s structured data.

Exploitation & Downstream Threats

Threat Activity:High
Primary downstream threats:
  • SIM swap attacks where phone numbers are present
  • Targeted phishing campaigns using exposed email addresses
  • Doxxing risk from physical address exposure
  • Employment-based social engineering using job and employer data
Threat vectors:
  • Phishing, credential stuffing & account takeover
  • Business Email Compromise seeding
  • BEC & invoice fraud
  • SIM swapping, vishing & SMS phishing
  • Physical stalking, mail fraud & identity verification

Recommended Actions

If you believe your information may be included:

Enable MFA Everywhere
Turn on multi-factor authentication on email first, then financial accounts.
Find 2FA settings
Report & Recover
If you spot misuse, start an official recovery plan and report fraud.
IdentityTheft.govReport to FTC

Frequently Asked Questions

What happened in the Speedio breach?

Speedio, a Brazilian B2B lead generation platform, suffered a data exposure in December 2024 when a dataset allegedly taken from an unsecured Elasticsearch instance was posted for sale on a hacking forum. The exposed corpus contained over 62 million records, including approximately 27.5 million…

What data was exposed?

Verified fields include Email Address, Employer, Phone Number, Physical Address.

What should I do if I was affected?

Change reused passwords, enable MFA, and (if identity or financial data is involved) freeze your credit and monitor your accounts.

Sources & References

Every claim on this page is traceable. This breach draws on:

Breach Index
Have I Been Pwned
Record & field corroboration
ObscureIQ Intelligence
ObscureIQ proprietary analysis
Risk Index scoring & downstream-threat assessment

Protect Yourself

Check If You're Affected

Enter your email to check whether your data appears in this breach. We’ll send a 6-digit code to confirm it’s your address.

Get Free Breach Alerts

Be the first to know when new breaches are disclosed. Free forever — confirm your email with a 6-digit code.

High-Risk? Get an Exposure Audit

Executives, public figures, and high-visibility operators can receive tailored exposure intelligence and hardening guidance.

Request Consultation