Rising Threats from Data Brokers
Security experts are sounding the alarm about the increasing vulnerability of employees' personal information being exposed online. This exposure is creating a significant risk for companies, as hackers can exploit this data to launch sophisticated attacks that could cost millions.
A recent report highlights that the primary source of intelligence for hackers has shifted from the dark web to legal data broking websites. These platforms collect public data and sell it to other businesses, making it easier for malicious actors to access sensitive employee details.
Hackers are leveraging this information through social engineering tactics. This involves impersonating or tricking employees to gain unauthorized access to company systems, often leading to ransomware attacks. Such methods have been used in high-profile incidents, including an attack on Jaguar Land Rover, which resulted in billions being lost from the company's annual turnover. Similarly, Marks and Spencer faced a breach where attackers impersonated an employee to gain access.
In 2025, a similar attack targeted US airlines, prompting the FBI to issue a national security alert. The incident highlighted the threat posed by hackers using employee identities to deceive IT support desks, potentially endangering the entire aviation industry. Other notable incidents include attacks on MGM and Caesars Palace in Las Vegas, which caused significant disruptions.
Survey Highlights Growing Concerns
A survey conducted by Optery among over 420 cybersecurity leaders revealed alarming findings. Only four per cent of respondents were confident that their staff's personal data, such as home addresses, personal phone numbers, and family member names, was not easily accessible online. These results come from the 2026 Enterprise Social Engineering Survey Report published this month.
The survey found that almost all respondents, 96 per cent, reported an increase in social engineering attacks over the past year. More than half indicated that these attacks were beginning to strain their defenses. Around three-quarters of the respondents said they had been compromised due to an attack.
Who Is Most at Risk?
The main targets of these attacks were IT staff, with 80 per cent of respondents indicating they were the primary focus. Executives were targeted at 42 per cent, while help desk staff were targeted at 33 per cent. The report emphasizes that attackers can easily obtain the necessary information to target individuals, including home addresses, personal phone numbers, email addresses, breached credentials, and job roles.
Data broker and people-searching sites, such as Whitepages and 192.com, were identified as the biggest sources of this information, with 98 per cent of respondents rating them as such. This compares to around 90 per cent for social media and the dark web.
More than three-quarters, 77 per cent, said their employees' personal data was "very or somewhat" exposed on these sites. Only 3.6 per cent said they weren't.
Insights from Industry Leaders
Lawrence Gentilello, CEO and founder of Optery, noted that there have been several documented cases of threat actors using commercial data brokers as part of their reconnaissance process against organizations. Leaked ransomware group communications, incident investigations, and government advisories all point to the same pattern: attackers are using commercially available data aggregation services to identify employees, map organizations, and gather the personal and professional information needed for targeted attacks.
Multiple cases illustrate this trend. For example, leaked Black Basta communications showed members using data brokers to identify targets and support social engineering. Federal guidance on Scattered Spider has also identified commercial intelligence tools as part of the group's reconnaissance inputs.
In the 0ktapus campaign, which targeted more than 130 organizations and resulted in the theft of nearly 10,000 credentials, Okta reported that the attackers likely harvested mobile phone numbers from commercially available data aggregation services that link phone numbers to employees at specific organizations. Some cybercriminal groups purchase access to these sites directly, while others resell it as a lookup service. Either way, data broker profiles supply a major source of intelligence that drives social engineering attacks.
No comments:
Post a Comment