DemandScience Data Breach Exposes 122 Million Email Addresses
/ 3 min read
Quick take - A data breach involving DemandScience on February 28, 2024, compromised approximately 122 million unique email addresses and various business contact details, raising concerns about data privacy and security, while the company stated that its current systems were not exploited and provided an opt-out option for individuals regarding their data.
Fast Facts
- A data breach at DemandScience compromised approximately 122 million unique email addresses and various business contact details, recorded in the Have I Been Pwned (HIBP) database.
- The breach occurred on February 28, 2024, and was added to HIBP on November 13, 2024; it involved sensitive information but did not include password hashes.
- DemandScience, a data aggregator, compiles identity data from public sources and sells it to enhance customer understanding and revenue.
- Reactions to the breach varied, with some individuals noting their data was already public and expressing minimal concern, while others highlighted the need for notifications about such incidents.
- The incident raises ongoing challenges related to data privacy and the complexities of public data usage, emphasizing the market value of personal information.
DemandScience Data Breach Compromises 122 Million Email Addresses
A recent data breach involving DemandScience has resulted in the compromise of approximately 122 million unique email addresses and various business contact details. This breach has been recorded in the Have I Been Pwned (HIBP) database, which has documented a total of 14 billion breached records over the past 11 years. The breach occurred on February 28, 2024, and was added to the HIBP database on November 13, 2024.
About DemandScience
DemandScience is described as a “data aggregator.” The company compiles identity data from multiple public sources and sells this data to enhance customer understanding and maximize revenue. DemandScience stated that its current operational systems were not exploited; rather, the leaked data was attributed to a decommissioned system. The breach included sensitive information such as email addresses, physical addresses, and phone numbers, as well as employers, job titles, and links to LinkedIn profiles. Importantly, the compromised data did not include password hashes, as confirmed by the author of the article.
Implications of Data Breaches
The implications of such data breaches raise concerns about privacy and data security. Advertisers are estimated to gather over 72 million data points on a child before they turn 13, highlighting the extensive collection and marketability of personal data. Reactions to data breaches can vary significantly among individuals; some may express concern, while others report that their information found in breaches was accurate and publicly available.
For instance, a user named Jason discovered his email address in the breach related to Pure Incubation. He received a detailed explanation regarding how his data ended up there and confirmed the accuracy of the information associated with his email. This reflects a trend among recent HIBP subscribers, many of whom noted that their data was already public and did not provoke significant concern.
Addressing Privacy Concerns
The article discusses the distinction between data being publicly accessible and the expectations individuals hold regarding its use. Some individuals have expressed a desire to be notified about such breaches for security reasons. To address privacy concerns, DemandScience provides a link for individuals to opt-out of having their data sold, although this option may not be available to everyone outside of California.
Overall, this incident underscores the ongoing challenges related to data privacy and highlights the value of personal information in the marketplace. The complexities surrounding public data usage are also emphasized.
Original Source: Read the Full Article Here
