In a recent discovery, SafetyDetectives’ Cybersecurity Team stumbled upon a clear web forum post where a threat actor publicized a database allegedly belonging to 5 Miles Lab. The breach supposedly exposed 8.3 million lines of their corporate inbox information.

What Is 5 Miles Lab? 

Founded in 2014, 5 Miles Lab is a digital advertising company that, according to its website, offers social CRM, advertorial and content development, social monitoring and analysis, creative campaigns, website, CMS, and app development, AR/VR development, and more. 

The company works with big brands such as Bvlgary, Apple, Huawei, McDonalds, Timberland, and many more.

Where Was The Data Found? 

The data was found in a forum post available on the clear surface web. This well-known forum operates message boards dedicated to database downloads, leaks, cracks, and more.

What Was Leaked? 

According to the author of the post, the exposed data purportedly belonged to 5 Miles Lab and consisted of 1.27 GB containing 8,399,867 lines of customers’ data.

Although the full data was posted behind a paywall, the author shared a link to a small number of lines as a sample. This sample data was accessible to anyone with an internet connection. 

After our Cybersecurity Team reviewed it, we could confirm that the data appears to be legit.  We determined that, rather than its customers’ database, apparently it was 5 Miles Lab’s corporate inbox that seemed to have been compromised. In other words, the data leaked appears to consist of the information that people filled in the contact form on 5 Miles Lab’s website.

While checking the sample, our Cybersecurity Team found messages from different companies requesting 5 Miles Lab’s services or proposing partnerships. Other messages seemed to be job applications. Some of the people filling this form added their contact information for platforms such as Skype, WhatsApp, WeChat, Facebook, and more.

The sample contained:

  • Inquirer’s ID
  • Inquirer’s name
  • Inquirer’s email
  • Inquirer’s phone number
  • Inquirer’s message
  • Message creation date
  • Inquirer’s messages in some cases included their social media profiles or messaging apps contact.

It is important to note that the paywall was set at 8 forum credits, which can either be obtained for free or purchased at a cost of approximately US$0.27 each. This specific dataset was set to be unlocked to download by anyone willing to pay just over 2 US dollars for it.

This is a screenshot of the contact form that was allegedly compromised.

 

This is a screenshot of the forum post where the author states the type of data, its amount, and the company to which it belonged.

What Risks Does This Data Exposure Pose?

The purportedly leaked data presents a risk to the security and privacy of all customers impacted by this breach — which could potentially be hundreds of thousands of individuals. Each of them may be vulnerable to:

  • Phishing attacks: Cybercriminals may use the leaked information to create convincing emails or messages that appear to be from 5 Miles Lab or other legitimate sources. These messages aim to trick individuals into providing more sensitive information or clicking on malicious links.
  • Targeted scams: Armed with knowledge of the individual’s last purchase date and customer number, scammers could potentially tailor their fraudulent schemes to appear more legitimate and increase their likelihood of success.
  • Social engineering attacks: A social engineering attack occurs when a cybercriminal uses manipulation to deceive a target into revealing confidential information or performing actions that jeopardize security.

 

The type of data exposed could also be used for more complex attacks, such as the ones discovered by Unit 42 of Palo Alto Networks back in 2023. In that year, Unit 42 discovered two separate campaigns that targeted job-seeking activities initiated by threat actors associated with the Democratic People’s Republic of Korea (DPRK), commonly known as North Korea. In the first campaign, named “Contagious Interview,” threat actors posed as employers looking to install malware through the interview process. The second campaign, “Wagemole,” involved threat actors seeking unauthorized employment opportunities with organizations based in the U.S. and other areas of the world.

What to Do If You Believe Your Data Was Exposed

If you suspect that your personal information was compromised in this data leak, you can take these steps to protect yourself:

  1. Beware of Phishing Attempts: Be cautious of unsolicited emails, messages, or phone calls asking for personal information or payment details. Do not click on links or download attachments from unknown sources.
  2. Update Privacy Settings: Review and update the privacy settings on your social media accounts and other online platforms to limit the amount of personal information visible to the public.
  3. Beware of social engineering attacks. Understand social engineering risks, including phishing and scam attempts. Be cautious and verify the authenticity of any unexpected communication, particularly if it requests personal or financial data.
  4. Report any unusual events. Notify 5 Miles Labs of any fraudulent activity or suspicious communications related to this incident. Be wary of sharing information with unknown contacts or unverified sources.

These breaches can lead to serious consequences, so it’s crucial to stay alert, follow our recommendations or consult with an expert to reduce the risks associated with compromised data. By following our recommendations and staying informed about cybersecurity practices, individuals can enhance their defenses against potential threats.