Dark Web News Analysis
A threat actor on a known cybercrime forum is claiming to sell a database that they allege was stolen from LeaseHawk, a major software and services provider for the multifamily property industry. According to the seller’s post, the database contains 222,700 unique user emails, along with a variety of other sensitive data including user IDs, IP addresses, contact information, and other metadata related to leasing activities. The seller is demanding payment in the privacy-focused cryptocurrency Monero (XMR).
This claim, if true, represents a critical supply chain security incident for the property management sector. A data breach at a central software vendor like LeaseHawk does not just affect the company itself; it poses a direct and immediate threat to all of their clients—the property management companies—and by extension, the prospective tenants who use the service. The allegedly compromised data is a goldmine for criminals, who can use it to orchestrate highly effective and convincing real estate and rental scams.
Key Cybersecurity Insights
This alleged data breach presents a critical and widespread supply chain threat:
- Severe Supply Chain Risk for the Property Management Industry: The primary danger is the potential for follow-on attacks against LeaseHawk’s clients. Threat actors can use the leaked data to craft highly convincing spear-phishing emails impersonating LeaseHawk to compromise the accounts of property managers, leading to further breaches.
- A Toolkit for Sophisticated Real Estate Fraud: The alleged data, which links prospective tenants to property managers and leasing activities, is a perfect tool for fraud. Criminals could impersonate a legitimate property manager to trick a rental applicant into sending a security deposit or first month’s rent to a fraudulent account.
- High Risk of Widespread Credential Stuffing: A list of over 222,000 email addresses of property managers and tenants will be immediately used for “credential stuffing” attacks. Criminals will pair these emails with passwords stolen from other breaches and test the combinations against a wide variety of other online services.
Mitigation Strategies
In response to a supply chain threat of this nature, LeaseHawk and its clients must take immediate action:
- Launch an Immediate Investigation and Notify Partners: LeaseHawk’s highest priority must be to conduct an urgent forensic investigation to verify the claim’s authenticity. It is also their critical responsibility to proactively and confidentially notify all of their property management clients about the potential breach so those organizations can take defensive measures.
- Mandate a Full Credential and Security Overhaul: LeaseHawk must enforce an immediate, mandatory password reset for all users on its platform. Implementing Multi-Factor Authentication (MFA) is an essential control to prevent attackers from using any compromised employee or customer credentials.
- Alert Tenants and Staff to Fraud Risks: All property management companies that use LeaseHawk should issue urgent alerts to their staff and any prospective tenants in their pipeline. They must be warned about the high risk of sophisticated scams involving rental applications, deposits, and lease agreements, and all payment instructions should be rigorously verified through an out-of-band channel.