ADVERTISEMENT

Online marketing company exposes 38+ million US citizen records

Following the 350 million email leak covered by CyberNews earlier in August, this is the second time this summer we encountered an Amazon bucket owned by an unidentified party and containing massive amounts of user data.

personal records questionnaire
Edvardas Mikalauskas
Edvardas Mikalauskas Senior Researcher
Sep 3, 2020 Updated: 7 December 2023 3 min read

What data is in the bucket?

  • 700 statement of work documents for targeted email and direct mail advertising campaigns stored in PDF files
  • 59 CSV and XLS files that contained 38,765,297 records of US citizens in total, of which 23,511,441 records were unique

Examples of exposed records

censored list with emails and phone numbers
censored list with names and addresses
censored document from tribure digital
ADVERTISEMENT
censored document from gray

Who owns the bucket?

Who had access?

What’s the impact?

  • Scammers can use the names, email addresses, and phone numbers of the exposed people for a wide variety of fraudulent schemes
  • Simple contact details can be enough for spammers and phishers to launch targeted attacks against 38+ million exposed Americans from multiple angles, such as robocalls, text messages, emails, and social engineering campaigns
  • Determined cybercriminals can combine the data found in this bucket with other data breaches to build profiles of potential targets for identity theft

What happened to the data?

Should you be worried and what to do if you’ve been affected?

  1. Use our personal data leak checker to see if your email address has been leaked.
  2. If your email happens to be among those leaked, immediately change your email password and use a password manager.
  3. Look out for potential phishing emails and spam emails. Don’t click on anything suspicious, whether it’s an email, a text message, or any link therein.

Protect yourself online with our hand-picked digital privacy tools

ADVERTISEMENT