Dark Web News Analysis
A threat actor on a known cybercrime forum is claiming to have leaked a massive database that they allege was exfiltrated from the servers of Yellow Pages Directory Inc. According to the seller’s post, the data is a 95GB SQL database that was breached on September 15, 2025. The database purportedly contains both Yellow Pages (business) and White Pages (individual) directory information for the United States, including phone numbers and street addresses.
This claim, if true, represents a data breach of colossal scale. A single, structured, and searchable 95GB database of US residential and business contact information is a foundational “master list” for all types of fraud and spam operations. While some of this information may be publicly available in disparate forms, its aggregation into a single database makes it an incredibly powerful and dangerous tool for criminals. The nature of the leak strongly suggests that a critical SQL injection vulnerability was exploited.
Key Cybersecurity Insights
This alleged data breach presents a critical and widespread threat to the American public and its businesses:
- A “Master List” for Nationwide Scams: The most significant risk is that this 95GB database serves as a master toolkit for a massive wave of fraud. Criminals will use this data to fuel unprecedented volumes of phishing (email), smishing (SMS phishing), vishing (voice phishing), and even direct mail scams targeting the entire country.
- Indication of a Critical SQL Injection Vulnerability: The leak of a raw, massive SQL database is a classic hallmark of a successful and severe SQL Injection (SQLi) vulnerability. This indicates a fundamental flaw in the company’s web application security that allowed an attacker to dump the entire database.
- A Rich Dataset for Compounding Breaches: The aggregation of this public data into a single, structured database is what makes it so potent. Criminals can easily cross-reference this information with data from other breaches (such as leaked password lists) to build more complete profiles on millions of American citizens and businesses, enabling more sophisticated attacks.
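The SQL injection flaw class named above, shown beside its fix as an added example (not code from the original post or from the company named in it). The listings table, its rows, the function names and the per-request row cap are all constructed assumptions.

```python
import sqlite3

# Constructed sample data: a tiny stand-in for a directory listings table.
ROWS = [
    ("Ada Example", "555-0100", "1 Sample St"),
    ("Bob Example", "555-0101", "2 Sample St"),
    ("Cy Placeholder", "555-0102", "3 Sample St"),
]
MAX_RESULTS = 2  # assumed per-request cap; limits bulk extraction


def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE listings (name TEXT, phone TEXT, address TEXT)")
    db.executemany("INSERT INTO listings VALUES (?, ?, ?)", ROWS)
    return db


def lookup_vulnerable(db, name):
    # Flawed: user input is concatenated into the SQL text, so a quote
    # character in `name` changes the structure of the query itself.
    sql = "SELECT name, phone, address FROM listings WHERE name = '" + name + "'"
    return db.execute(sql).fetchall()


def lookup_hardened(db, name):
    # Bound parameter: the driver passes `name` as data, never as SQL.
    # The LIMIT keeps any single request from returning the whole table.
    sql = "SELECT name, phone, address FROM listings WHERE name = ? LIMIT ?"
    return db.execute(sql, (name, MAX_RESULTS)).fetchall()


def demo():
    db = make_db()
    crafted = "x' OR '1'='1"  # textbook always-true predicate
    return {
        "normal_vulnerable": lookup_vulnerable(db, "Ada Example"),
        "crafted_vulnerable": lookup_vulnerable(db, crafted),
        "normal_hardened": lookup_hardened(db, "Ada Example"),
        "crafted_hardened": lookup_hardened(db, crafted),
    }


if __name__ == "__main__":
    for label, rows in demo().items():
        print(f"{label}: {len(rows)} row(s)")
```

The concatenated lookup returns every row for the crafted input, while the parameterized lookup treats the same input as a literal name and returns nothing.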
Mitigation Strategies
In response to a public data leak of this nature, all US citizens and businesses must be on high alert:
- Heighten Public Vigilance: The primary defense is public awareness. All US citizens and businesses must operate under the assumption that their contact information is readily available to scammers. It is critical to treat all unsolicited communications—emails, text messages, and phone calls—with extreme suspicion.
- Implement Robust Filtering: Businesses and individuals should ensure they are using robust email and SMS filtering solutions. Report any phishing or spam messages to help train these filters to block the massive campaigns that this data will enable.
- Practice Strong Credential Hygiene: Because this data will be used to target individuals for credential theft, good security practices are essential. Use strong, unique passwords for every online account and, most importantly, enable Multi-Factor Authentication (MFA) wherever it is offered to protect against account takeover.
Questions or Feedback? For expert advice, use our ‘Ask an Analyst’ feature. Brinztech does not warrant the validity of external claims. For general inquiries or to report this post, please email us: contact@brinztech.com