vpnMentor Report Reveals 63M U.S. Users' Information Leaked

VPNMentor uncovered a major data leak that puts an estimated 63 million U.S. citizens at risk. The culprit is OneMoreLead and is accused of storing users information (work locations, email addresses, and names) in an unprotected database

The good news is that cybercriminals didn't discover the database, because if they'd, it would have been a goldmine for cybercriminal activity, including, but not limited to identity theft, financial fraud or even massive phishing operations targeting American institutions and businesses.

vpnMentor noticed the data leak on April 16th and notified OneMoreLead about the vulnerability four days later. Because they failed to keep this database secure, at least 63 million people may have been defrauded, their identities stolen, or even worse.

According to vpnMentor’s research team, "In this case, vpnMentor’s cybersecurity team discovered the database during a routine research project. We quickly identified OneMoreLead as the database’s owner. However, the origins of the data, or how it ended up in OneMoreLeads’ hands, remain unknown".

The information's origin is yet unknown

The source of this information is unknown. Interestingly enough, collecting data from 126 million US citizens, OneMoreLead would have had to start collecting data long before the company launched. Regardless of how they came to be in the possession of the data, the company is liable for any damage created as a result of failing to protect the records.

It is possible that OneMoreLead may have to address concerns about its competency and reputation as a result of the gravity, scope, and odd circumstances surrounding this data leak. Potential clients may be reluctant to work with the new company due to the way they handled data and exposed millions of people to fraudulent practices and cyberattacks before the company's website was even operational.

Furthermore, the corporation may be subjected to legal action as a result of this. The majority of those who have been affected by the data breach are residents of California, meaning they are protected by the state's data privacy laws, known as the California Consumer Protection Act (CCPA).