A dataset allegedly containing over 62 million records from the Brazilian lead generation platform Speedio has been listed for sale on a popular hacking forum. The breach, which includes 27 million unique email addresses, was recently added to Have I Been Pwned (HIBP) as an unverified data exposure, meaning it may originate from other sources.
The dataset was first posted on BreachForums on January 20, 2025, by a user identified as “ayamee,” who claimed that the information was extracted from an unsecured Elasticsearch instance.
The data primarily consists of business-related details, such as company names, phone numbers, physical addresses, and corporate registration information. While much of the data appears to be publicly available business records, the inclusion of personal email addresses — predominantly from services like Gmail and Outlook — raises privacy concerns and somewhat strengthens the threat actor's allegations.
Speedio is a Brazil-based business intelligence platform specializing in B2B lead generation, offering services that help companies gather and analyze business contacts. Despite multiple attempts to contact the company, Speedio has not responded to inquiries about the alleged breach, leaving the legitimacy and origin of the exposed data unverified.
Samples of the leaked dataset suggest that it includes structured business information fields, such as company registration numbers, legal names, business classifications, and contact details. Additionally, the dataset contains metadata related to business status and financial attributes. However, no passwords or highly sensitive personal data have been reported in the leak.
HIBP analyzed the data and reported that it includes a total of 27 million email addresses, along with company names, physical addresses, and phone numbers. Roughly half of those (51%) were already in the data breach alerting service, having been added from past breaches. This leaves a significant number of newly exposed records, again adding credibility to the threat actor's claims.
Since the authenticity of the breach has not been independently confirmed, affected users should remain cautious. To mitigate potential risks, individuals associated with the exposed email addresses should monitor their inboxes for phishing attempts, especially those impersonating business contacts, and be wary of unsolicited communications that request sensitive information or urge immediate action.