BlueHost Leak?

Received this email…


Is your inbound and outbound teams planning to hit BlueHost Users base?
If so, we have database of 49924 Companies across North America.
Please let me know your Title selection?
So I can send you counts, samples and pricing to review.


Linda Brandon

Sales and Marketing Manager
Local Information Firms,Inc
129 Ashton Lane
Austin Texas

[email protected]

Makes one wonder how they got all that info…

It’s not hard to compile a strong list of customers without a compromise or leak. I’ve seen marketing companies do this a lot, simply using public resources. There are several resources one could use, and these would generate plenty for almost anyone with a significant customer base:

  • DNS + website contact info
  • Twitter mentions + twitter profile
  • Forum mentions + forum profile/signature
1 Like

Except she specifically mentions that its a 50k businesses list. And businesses don’t tend to promote where they host their website in any way, surely not tweets or forums. Many busines owner won’t even mention their business name on a forum.

Why would the website contact info mention the hosting company?
Whois is private… mostly.

So that leaves DNS, which would mean them looking up the website IP and match that with providers known IPs. I guess that’s doable.
But thgen they would need to look up for contact info of the owner, as sales@domain, info@domain, support@domain, and similar haves pretty much zero value for cold email.

Ultraedit: Just checked their website, they are not a legit company. That’s for sure.

I could be wrong on what they check, but I’ve seen many do it over the years. There’s certainly enough data out there to compile, should one have either the desire or the tooling. Nameservers alone could probably reveal a solid list, then it’s just curating the list and attaching details. If it’s not tooling then it’s hard work, but if it pays good enough someone will do it.

1 Like

Yeah, there’s a lot of data out there. After all there are plenty of companies that offer similar services although not indexed in this way.

The most I’ve seen is by industry, keywords, employees, revenue.
And all that is public.

When it comes to email info, then most (that I know of) will just scrap data from facebook, linkedIn, company website and directories.

I think it used to be easier before whois data became hidden by default, and business registry data could be easily scrapped. I don’t think that the case any longer.

Anyhow, judging by their website, this is not a legit company, so it’s either stolen data or a scam.

PS: theres a script on codecanyon that scraps data from google maps.

Leak = stolen password, CC details, tickets. Everything else doesn’t matter and should be considered public.

I whole heartily disagree, client info is (a) private (b) precious and (c) private. Thus accounts for the “leak” tag.

You can get those from anywhere else, therefore you can’t say surely that they’re leaked.

I didn’t’ make a statement, I posed the question.
I have no clue if they leaked, I have no clue this company that seems fake truly has the data they claim they have.

But maybe someone here wants to take them on their offer, and ask for a sample.

I know. I just answered. :slight_smile:

However, their email isn’t even worth an answer. If there is a leak you’ll know about it.

Edit: I’m having a language barrier here. While client info is “precious and © private”, it doesn’t have a “demonstrative power (?)” to me. There is just too many ways to get it.

1 Like

Spammers and possibly scammers. registered less than a year ago via godaddy. Private whois.

Fake reviews/testimonials. Same exact reviews can be found elsewhere. Source 1. Source 2.

Company address listed on the site and in “her” email sig is fake.

Could probably find more red flags with more digging, but chances are they are just spamming out emails hoping to catch a whale.

1 Like

Yeah, what I wonder is why these guys want to be associated with that website;

Actually… after noticing this;

They’ll probably the spammers.

Edit: I’m willingto bet this agency UK and US addressed are not their own.

Let’s buy them out with a group buy and merge with hostballs

BlueBalls, here we come

1 Like

Remember to hide your car plate. It can reveal almost everything about you.

Yeah thats it! I’m gonna become a cop to spam the fk… out of everyone.
…fake traffic tickets here they go…

Does not require a cop.

Anyone can find out.

not here, and doudb anywhere in Europe is possible for anyone to find out anything about me via my car plate.
I can’t even get the owner name.

//OR// There’s something really huge I’m missing. So how do you do it?

I won’t say too much but there is a database which car insurance company can use.

Not as detailed as the one the police uses but has all basic info.

Ha! I was forgetting about that one.
Yes, same here, they use it to check if you have a debt to an insurance company and how many accidents you had.

I’m not so sure about the legality of this DB. Financial institutions also have access to a DB to know how much you own etc…

It’s funny that GDPR doesn’t seem to have changed any of that.

Edit: But ya know… no Marketing company is able to grab it to sell it say to you. At least not legally.