BlogNews13TH NOV 2024
AuthorSamir Yawar
4 min read
News

DemandScience Data Breach Confirms 122 Million Individuals Affected by Leak

Twitter
Facebook
WhatsApp
Email
LinkedIn
blog image for Demandscience data breach

In a recent cyber incident, business contact details for 122 million individuals have been circulating on the internet since February 2024. This data has now been confirmed to originate from DemandScience, a B2B demand generation platform previously known as Pure Incubation.

Who Is DemandScience?

DemandScience, a company specializing in B2B demand generation, aggregates data from various sources. Data aggregation involves collecting, compiling, and organizing information from publicly available sources. Digital marketers and advertisers utilize these aggregated datasets to create detailed profiles that aid in lead generation and targeted marketing.

In DemandScience’s case, the company compiled business-related information, including:

  • Full names

  • Physical addresses

  • Email addresses

  • Telephone numbers

  • Job titles and functions

  • Social media profiles

The Breach: Timeline and Initial Denial

In February 2024, a threat actor named ‘KryptonZambie’ listed 132.8 million records for sale on BreachForums. KryptonZambie claimed these records were stolen from an exposed system belonging to Pure Incubation. Cybersecurity outlet BleepingComputer contacted DemandScience for confirmation, but the company initially denied any breach, stating they found no evidence of compromised data.

demandsscience records out in the wild
A screenshot of the breached DemandScience records online | Source: BleepingComputer

Derek Beckwith, Senior Director of Corporate Communications at DemandScience, responded to the inquiry by saying:

“Based on the post you forwarded from a black hat hacking crime forum, we immediately activated our security and incident response protocols. All our systems are 100% operational, and we have not found any indication that a hack or breach to any of our systems or data has occurred. We continue to monitor the situation closely.”

Despite this reassurance, the company declined further comment, citing ongoing monitoring.

Data Leak: August 15, 2024

By August 15, 2024, KryptonZambie reduced the price of the dataset to just 8 credits on BreachForums, effectively leaking the information at a negligible cost. This marked the public exposure of DemandScience’s data on a popular hacking forum.

Confirmation of the Data’s Authenticity

On the same day, cybersecurity expert Troy Hunt confirmed the authenticity of the leaked data. In a blog post, Hunt disclosed that an individual exposed in the leak contacted DemandScience for clarification. DemandScience then confirmed that the leaked data originated from a system decommissioned roughly two years prior.

DemandScience’s email response stated:

Regarding the matter referenced in your email, we have conducted a thorough internal investigation and conclude that none of our current operational systems were exploited. We also conclude that the leaked data originated from a system that has been decommissioned for approximately two years.”

Hunt verified the data's credibility by confirming his own record was included in the breach, listing details from his time at Pfizer.

Next Steps for Affected Individuals

Following the leak, all 122 million unique email addresses have been uploaded to the breach notification service Have I Been Pwned (HIBP). Exposed users can expect notifications regarding their compromised information and should take steps to secure their personal information.

This incident underscores the vulnerability of even archived data and raises critical questions about data security practices and decommissioned systems.

Samir Yawar
Samir Yawar / Content Lead
Samir wants a world where people can instinctively whack online scams and feel accomplished without the need for psychic powers. As an ISC2 member, he is doing his bit to turn cybersecurity awareness training into a fun concept with simple, approachable and accessible content. Reach out to him at X @yawarsamir
FAQsFrequently Asked Questions
Money is a central element in data breaches because cybercriminals often target financial information. Stolen data, such as credit card numbers, bank account details, or personal identification, can be monetized through various means, including selling on the dark web, fraudulent transactions, or identity theft.