In a recent cyber incident, business contact details for 122 million individuals have been circulating on the internet since February 2024. This data has now been confirmed to originate from DemandScience, a B2B demand generation platform previously known as Pure Incubation.
DemandScience aggregates data from various sources. Data aggregation involves collecting, compiling, and organizing information from publicly available sources. Digital marketers and advertisers use these aggregated datasets to create detailed profiles that aid in lead generation and targeted marketing.
In DemandScience’s case, the company compiled business-related information, including:
Full names
Physical addresses
Email addresses
Telephone numbers
Job titles and functions
Social media profiles
In February 2024, a threat actor named ‘KryptonZambie’ listed 132.8 million records for sale on BreachForums. KryptonZambie claimed these records were stolen from an exposed system belonging to Pure Incubation. Cybersecurity outlet BleepingComputer contacted DemandScience for confirmation, but the company initially denied any breach, stating they found no evidence of compromised data.
Derek Beckwith, Senior Director of Corporate Communications at DemandScience, responded to the inquiry by saying:
“Based on the post you forwarded from a black hat hacking crime forum, we immediately activated our security and incident response protocols. All our systems are 100% operational, and we have not found any indication that a hack or breach to any of our systems or data has occurred. We continue to monitor the situation closely.”
Despite this reassurance, the company declined further comment, citing ongoing monitoring.
Data Leak: August 15, 2024
By August 15, 2024, KryptonZambie had reduced the price of the dataset to just 8 credits on BreachForums, effectively leaking the information at a negligible cost. This marked the public exposure of DemandScience’s data on a popular hacking forum.
On the same day, cybersecurity expert Troy Hunt confirmed the authenticity of the leaked data. In a blog post, Hunt disclosed that an individual exposed in the leak contacted DemandScience for clarification. DemandScience then confirmed that the leaked data originated from a system decommissioned roughly two years prior.
DemandScience’s email response stated:
Hunt verified the data’s credibility by confirming that his own record, which listed details from his time at Pfizer, was included in the breach.
Following the leak, all 122 million unique email addresses were uploaded to the breach notification service Have I Been Pwned (HIBP). Exposed users can expect notifications regarding their compromised information and should take steps to secure it.
This incident underscores the vulnerability of even archived data and raises critical questions about data security practices and decommissioned systems.