On the 16th of January, the known hacker pompompurin published the following data.

As the hacker himself mentioned, he has a history with the company which could be seen in his older posts.

Who is pompompurin?

Pompompurin is an actively posting and commenting hacker in one of the bigger underground forums.

He is also recently known for using a vulnerability to gain access to the FBI's e-mail. He used the fbi.gov domain name to blast fake emails: the address eims@ic.fbi.gov was used to flood companies and people with fake cyberattack alerts. You can find more about that story here: https://nightlion.com/blog/2021/pompompurin-fbi-email-hack/.

When pompompurin was later contacted, it turned out that his intention was more of a statement, pointing out a big vulnerability in the FBI's systems.

Source: https://krebsonsecurity.com/2021/11/hoax-email-blast-abused-poor-coding-in-fbi-website/

What does intelligence X do?

Intelligence X is an independent European technology company founded in 2018 by Peter Kleissner. The company develops and maintains a search engine for data. The search works with specific selectors such as email addresses, domains, URLs, IPs, CIDRs, Bitcoin addresses, etc. It searches places such as the darknet, document sharing platforms, whois data, public data leaks, and others. The company retains the data it collects, so a big part of its usefulness for threat intelligence is the historical data.

In some underground hacking groups, hackers were talking about a way to benefit from Intelligence X data by downloading portions of it for free.

What data is included?

The leak contains 280Gb of scraped whois data from 19.02.2012 until 29.10.2021.

The data has almost full information for each record: domain_name, registrant_name, registrant_company, registrant_address, registrant_email, registrant_phone, administrative and company information, billing information, and server names.

It includes the information of 228,767,196 domain owners.

Whois data used to be public; however, after May 25th, 2018, when the GDPR came into force, personal data such as the fields mentioned above was no longer available in WHOIS searches because it is considered sensitive information.

How can it be used in the wrong hands?

If it falls into the wrong hands, the data could be used for:

  • spamming
  • phishing that is harder to distinguish from legitimate mail
  • site impersonation

An example is hackers impersonating a trusted company's website by registering a domain name that is almost the same as the original and using it to collect user data.
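The defensive counterpart of the site-impersonation scenario above is to watch newly registered domains for names that look like your own. The following script is an added example written for this post, not code from the original article or from Intelligence X; the protected brand domains, the sample domain feed and the homoglyph table are all constructed for illustration. It normalizes common look-alike characters (0/o, 1/l, rn/m and so on), strips accents, and then flags any candidate whose registrable label is within one edit of a protected label or that embeds the protected label outright.

```python
import unicodedata
from typing import Iterable

# Hypothetical brand domains to protect (constructed for this example).
PROTECTED_DOMAINS = ["example.com", "examplebank.com"]

# Visual substitutions commonly seen in typosquats. Illustrative, not exhaustive;
# folding "rn" to "m" also catches legitimate words like "corner", which is an
# accepted false-positive cost for a triage feed.
HOMOGLYPHS = {"0": "o", "1": "l", "3": "e", "5": "s", "7": "t", "vv": "w", "rn": "m"}


def registrable_label(domain: str) -> str:
    """Return the second-level label of a domain (e.g. 'examp1e' from 'examp1e.com').

    Simplified: only the last label is treated as the suffix, so multi-part
    public suffixes such as co.uk are not handled; a production check would
    consult the Public Suffix List.
    """
    labels = domain.lower().rstrip(".").split(".")
    return labels[-2] if len(labels) >= 2 else labels[0]


def normalize(label: str) -> str:
    """Fold accented characters and ASCII look-alikes into a canonical form."""
    # NFKD decomposition, then drop combining marks so 'é' becomes 'e'.
    folded = "".join(
        c for c in unicodedata.normalize("NFKD", label) if not unicodedata.combining(c)
    )
    folded = folded.replace("-", "")
    for glyph, replacement in HOMOGLYPHS.items():
        folded = folded.replace(glyph, replacement)
    return folded


def levenshtein(a: str, b: str) -> int:
    """Classic edit distance (insert/delete/substitute) using two rows of memory."""
    if len(a) < len(b):
        a, b = b, a
    previous = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        current = [i]
        for j, cb in enumerate(b, 1):
            current.append(
                min(previous[j] + 1, current[j - 1] + 1, previous[j - 1] + (ca != cb))
            )
        previous = current
    return previous[-1]


def find_lookalikes(candidates: Iterable[str], protected=PROTECTED_DOMAINS, max_distance=1):
    """Return (candidate, protected_domain, distance) for every candidate whose
    normalized label is within max_distance edits of a protected label, or which
    embeds the protected label (e.g. 'example-login.com'). The protected domain
    itself is never flagged."""
    hits = []
    protected_labels = {d: normalize(registrable_label(d)) for d in protected}
    for candidate in candidates:
        candidate_label = normalize(registrable_label(candidate))
        for domain, plabel in protected_labels.items():
            if candidate.lower() == domain.lower():
                continue  # the legitimate domain itself
            distance = levenshtein(candidate_label, plabel)
            if distance <= max_distance or plabel in candidate_label:
                hits.append((candidate, domain, distance))
                break
    return hits


# Constructed sample of "newly registered" domains, in the shape a feed would deliver.
SAMPLE_FEED = [
    "example.com",        # legitimate, must not be flagged
    "exarnple.com",       # rn -> m
    "examp1e.com",        # 1 -> l
    "exampl.com",         # dropped letter
    "example-login.com",  # brand embedded with a hyphenated suffix
    "unrelated.org",      # no relation to any protected brand
]

if __name__ == "__main__":
    for candidate, domain, distance in find_lookalikes(SAMPLE_FEED):
        print(f"{candidate:20s} resembles {domain} (edit distance after folding: {distance})")
```

Feeding such a check with the historical registrant fields discussed in this post (registrant_email, registrant_phone) is what turns a single suspicious registration into a cluster: the same contact details recurring across several look-alike names is a far stronger signal than one near-miss domain on its own.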
