On November 8, 2024, a dark web post was published advertising the potential sale of an alleged API (Application Programming Interface) that provides international lookup services.
This API allegedly grants access to personal data, enabling unrestricted searches for sensitive information such as emails, mobile phone numbers, addresses, and other related data.
The service extends over 170 countries and is purported to offer detailed personal information, including names, addresses, relatives, and associates, which makes it function as a global “white pages” system in which the holder of the data can search for anyone.
The API is said to be capable of performing in-depth, unrestricted searches that reveal sensitive data, which would typically be protected by privacy laws in many jurisdictions.
How Did This Happen?
While the specific origin and creation of the API remain unclear, it is likely that the API aggregates data from numerous sources, including public records, data brokers, or potentially compromised databases around the world.
This aggregation of information into a single service magnifies the privacy risks, as data that would typically require a significant effort to gather is made easily accessible.
If the API was developed and sold for profit, there is also the possibility of involvement from parties who will probably disregard privacy regulations and take advantage of such data for extortion, hacking, or surveillance purposes.
Although there is no proof of concept (PoC) of the data or its usage, researchers around the world are already worried about the consequences of such a database, especially due to the large number of countries affected.
This is not the first time something like this has happened, nor will it be the last, but when it does, it mobilizes both research teams and those who may want to take advantage of the data for malicious reasons.