Troy Hunt, who runs the breach notification website Have I Been Pwned, was the one who discovered the leak. After analyzing its contents, he found that it consists of millions of people’s names, their corresponding work email addresses and phone numbers, as well as their companies and job titles. Since it’s a database sold to marketers, the leaked details all came from US-based companies and government agencies. Based on Hunt’s analysis, here are the top ten entities in the list, along with the number of affected employees:
1. Department of Defense: 101,013
2. United States Postal Service: 88,153
3. AT&T: 67,382
4. Wal-Mart: 55,421
5. CVS: 40,739
6. The Ohio State University: 38,705
7. Citigroup: 35,292
8. Wells Fargo Bank, National Association: 34,928
9. Kaiser Foundation Hospitals: 34,805
10. International Business Machines (IBM) Corporation: 33,412
While the database doesn’t contain more sensitive information, such as credit card numbers or SSNs, Hunt says it’s an “absolute goldmine for [targeted] phishing.”
He told ZDNet:
“From this data, you can piece together organizational structures and tailor messaging to create an air of authenticity and that’s something that’s attractive to crooks and nation-state actors alike.”
Hunt has already uploaded the contents of the database to Have I Been Pwned, so you can check at any time whether your details have been compromised.