Intention: Using these lists for mass cold-emailing often violates Anti-Spam Acts (CAN-SPAM), which can lead to your domain being blacklisted.
| Risk Category | Consequence | | :--- | :--- | | | Mass exposure of customer, partner, or employee email lists. | | Phishing Fuel | Attackers use legitimate company email addresses to craft convincing spear-phishing campaigns. | | Competitive Intelligence | Rivals can map a company’s customer base or internal structure. | | Regulatory Violation | Leaking emails with PII (e.g., EU GDPR, CCPA, HIPAA) can lead to massive fines. | | Account Takeover | Email lists combined with password reuse data (from other breaches) enable credential stuffing. | filetype xls inurl emailxls link
Wanting to make it "accessible" for the team while working remotely, Alex uploaded the file to a public folder on the company's web server. Alex thought the file was safe because there were no direct links to it from the homepage. However, Alex didn't realize that search engine "crawlers" are designed to find every nook and cranny of a server. The Discovery Intention: Using these lists for mass cold-emailing often