08-04-2025, 03:53 PM
IMDataCenter.com processes databases, appending and enhancing customer data. One of their specialties is running lists against the USPS National Change of Address database to find people that moved.
IMDataCenter stored the updated customer files in the cloud (static.imdatacenter.com at AWS), and for unknown reasons their data scientists chose to set the access to the bucket to allow the public to list and/or download all objects in the bucket. This data included, for example, lists of employees and their SSNs from class action lawsuits, and voter lists from a state that is very restrictive about who can access voter lists. So probably an "Oopsie!"
Over 10,000 customer files containing over 289,000,000 records were offered to the public for free (some including SSNs, DOBs). NOTE: This post only contains the approximately 20M unique emails that appeared in those files, NO OTHER DATA (except their small lead list, and a list of the files that were in the bucket).
Clients appear to have included EngageIQ/Datascore.ai, Xpand Legal Consulting, Apex Class Action ("Data integrity and cybersecurity are the foundation of Apex. Our SOC 2 Type 2 certification reflects our commitment to these values, ensuring rigorous security and giving our clients confidence in the protection of their data."), and a company that assists universities with fundraising. And hundreds or thousands more clients.
Included with this post are [1] A list of 20M+ unique emails that were exposed in the bucket leak, [2] One file from the leak that appears to be a lead list of IMDataCenter potential customers, and [3] A list (e.g. names, file sizes, and dates) of the files that were in the bucket as of early July, 2025. The bucket was closed around July 16, 2025.
Again, note that what I am including here is primarily JUST EMAILS WITH NO ASSOCIATED DATA. I try to ensure that everything I do is within the boundaries of the law, and since there are thousands of files and I know some include some sensitive information, I felt it best to just release the emails (except IMDataCenter's own small lead file).
IMDataCenter stored the updated customer files in the cloud (static.imdatacenter.com at AWS), and for unknown reasons their data scientists chose to set the access to the bucket to allow the public to list and/or download all objects in the bucket. This data included, for example, lists of employees and their SSNs from class action lawsuits, and voter lists from a state that is very restrictive about who can access voter lists. So probably an "Oopsie!"
Over 10,000 customer files containing over 289,000,000 records were offered to the public for free (some including SSNs, DOBs). NOTE: This post only contains the approximately 20M unique emails that appeared in those files, NO OTHER DATA (except their small lead list, and a list of the files that were in the bucket).
Clients appear to have included EngageIQ/Datascore.ai, Xpand Legal Consulting, Apex Class Action ("Data integrity and cybersecurity are the foundation of Apex. Our SOC 2 Type 2 certification reflects our commitment to these values, ensuring rigorous security and giving our clients confidence in the protection of their data."), and a company that assists universities with fundraising. And hundreds or thousands more clients.
Included with this post are [1] A list of 20M+ unique emails that were exposed in the bucket leak, [2] One file from the leak that appears to be a lead list of IMDataCenter potential customers, and [3] A list (e.g. names, file sizes, and dates) of the files that were in the bucket as of early July, 2025. The bucket was closed around July 16, 2025.
Again, note that what I am including here is primarily JUST EMAILS WITH NO ASSOCIATED DATA. I try to ensure that everything I do is within the boundaries of the law, and since there are thousands of files and I know some include some sensitive information, I felt it best to just release the emails (except IMDataCenter's own small lead file).
