Allegedly more than 183 million records of people’s contact information and employment information were stolen or otherwise obtained from a data broker and offered for sale by someone with bad intentions.

Using the name KryptonZambie, the underworld dealer placed a $6,000 price tag on information in a cybercrime forum post. They offer 100,000 records as a sample to interested buyers and claim that the data as a whole includes people’s corporate email addresses, physical addresses, phone numbers, employer names, job titles, and links to LinkedIn and other social media profiles.

We believe this information is already publicly available and collected by a data broker called Pure Incubation. I just called Demand Science. This company told us it was aware its data was being offered for sale and attempted to clarify what was being obtained, i.e. business contact information already available.

“It is also important to note that we process publicly available business contact information and do not collect, store or process consumer data or any personally identifiable information or sensitive personal information, including accounts, passwords, home addresses or other personal, non-confidential information,” a DemandScience spokesperson said in a statement. He said in the mail: Record.

This, it seems to us, is the circle of data brokerage life. One organization collects a lot of information from the Internet to make a profit, another comes along and takes that information to make a profit in one way or another, sells it to others to make a profit…

The rest of the company’s statement, which states that it does not believe that the information was obtained directly from its systems due to an IT security breach, is as follows:

DemandScience claims to “generate leads for a future-proof sales and marketing funnel,” and that’s all marketing jargon: We take people’s public identifiers and other data from a variety of sources, package it nicely, and sell it to companies who then use it to target you in ad campaigns .

In other words: It’s a data broker, so if you’re lucky enough to live in California, at least to give up DemandScience selling your data.

Have I been pwned? mottled put the data dump up for sale and added it to its list of security incidents on Wednesday. The information apparently went up for sale around February, with data thieves flogging at least 122 million unique email addresses captured by Pure Incubation.

Later report This document, written by HIBP founder and Microsoft regional director Troy Hunt, includes a screenshot of an email from DemandScience sent to someone whose information was included in the data distributed by KryptonZambie, attributing the leak to “a system that has been decommissioned for approximately two years.” . “

Infosec watchdog HackManac also said: alarm with one screenshot Forum post in which the bad actor claims that KryptonZambie has 183,745,481 records available for acquisition. We should point out: Neither HackManac nor Record confirmed these claims.

After coming across the pile of data available for sale and hearing from someone whose personal information had been compromised in the incident, Hunt said he decided to check whether his own information was included. He found a decade-old email address and an incorrect job title.

“I’m going to be completely transparent and honest here; my words after finding this were ‘asshole!’ “The real story is told here, uncensored, because I want to impress viewers with how I feel when my data is revealed in a public place,” Hunt wrote.

We couldn’t have said it better ourselves. ®