Published on September 16th, 2019 📆 | 3597 Views ⚑0
Misconfigured database exposes 198M records on prospective auto buyers
Dealer Leads, LLC, a digital marketing company for car dealerships, was discovered last month to have exposed an Elastic database that contained 198 million records on prospective automotive buyers.
Publicly accessible information included the plain-text names, email addresses, phone numbers, home addresses and IP addresses of visitors to numerous websites affiliated with Dealer Leads, cybersecurity news and consulting firm Security Discovery reported today in a blog post.
The 413 GB database, which was not password-protected, also included details on loan and finance inquiries, vehicles offered for sale, and additional information that cybercriminals could have used to penetrate deeper into the Dealer Leads network, including ports pathways and storage info.
According to Dealer Leads’ Linkedin page, the Calabasas, California-based company “provides high-volume, high-quality website traffic for franchise and independent car dealerships through our exclusive, wholly- owned classified sites and our manufacturer quality research pages.”
Blog post author Jeremiah Fowler, Security Discovery’s director of security research and senior communications consultant, uncovered the open database last Aug. 19, and through some sleuthing determined that the various websites referenced in the contents were all linked to the site dealerleads.com. In the blog post, Fowler said he spoke to a general sales manager at Dealer Leads, who saw to it that the database was made private shortly after the disclosure took place.
“Unfortunately, the data was exposed for an undetermined length of time and it is unclear who else may have had access to the millions of records that were publicly exposed,” Fowler wrote. “This is another wake up call for any organization that collects and stores large amounts of data. It is crucial to ensure that the proper safeguards are in place.”
Fowler also said it is unknown if Dealer Leads notified any affected individuals, dealerships, or authorities about the unintended leak. SC Media has reached out to Dealer Leads for comment.