An unknown hacker recently disclosed a massive scrape conducted on Crunchbase in 2024, resulting in a substantial leak of company and user data.
The leaked information from this alleged Crunchbase data breach encompasses details from nearly every company and user profile present on the platform, involving a staggering 3.1 million companies and 1.2 million users.
While the scraped data may have been publicly accessible, the sheer volume of aggregated information raises concerns about the potential misuse of the data — especially when the data consists of contacts, social media accounts, locations, and hierarchical data about the organizations.
Alleged Crunchbase Data Breach and Possible Ramifications
This database could become a valuable resource for malicious actors, enabling them to execute large-scale spear phishing attacks and enhancing their capabilities in social engineering.
As a platform offering comprehensive information about businesses, including investment details, leadership profiles, and corporate news, this Crunchbase data leak could potentially expose sensitive and public information related to employees, company funding, and other organizational data.
Threat researcher Alon Gal highlighted the severity of the situation, stating that the dark web hacker performed a “massive scrape” on Crunchbase. The hacker’s post on the dark web included a downloadable CSV file containing company and user details, emphasizing the extent of the data breach.
Verification Required to Substantiate Crunchbase Data Leak
The Cyber Express attempted to verify the alleged Crunchbase data breach by reaching out to the organization for an official statement or response. However, as of the time of writing, no confirmation or denial from Crunchbase has been received, leaving the claims of the data leak unconfirmed from the company’s side.
Data scraping practices, especially when conducted without a legal basis or the knowledge of affected individuals, raise serious data protection concerns. Such activities may violate data protection rules, including regulations like the General Data Protection Regulation (GDPR), leading to unlawful processing of personal data and potential risks such as unsolicited direct marketing, identity theft, profiling, monitoring, and personal data breaches.
This is an ongoing story and The Cyber Express is closely monitoring the situation. We’ll update this post once we have more data on the alleged Crunchbase data leak or any official confirmation from the organization.
If the claims for the Crunchbase data breach turn out to be true then it can go both ways since a lot of the data is already publicly available but the mere volume of data raises security concerns within the corporate domain.
Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.