InWebsiteBuilder Data Breach
Categories

InWebsiteBuilder Data Breach Exposes 18,000 Insurance Agents’ Personal Information and OAuth Identifiers

  • Posted by Sean Doyle
  • Updated
  • 4 min

A new InWebsiteBuilder data breach has exposed the personal and professional data of more than 18,000 insurance agents and agencies. The leaked database, shared on a dark web forum, contains names, emails, profile pictures, and permanent OAuth identifiers that link directly to agents’ Google or Facebook accounts. The data can be used for impersonation, identity theft, and large-scale insurance fraud.

Background of the Breach

Cybersecurity analysts monitoring underground markets discovered a listing offering 18,047 records allegedly taken from InWebsiteBuilder, a software platform used by insurance professionals to create websites and manage client communications. The exposed data includes details specific to verified insurance agents who use the service, making it a high-value target for attackers looking to exploit trust-based relationships between agents and clients.

The attacker claims to have obtained the data from a misconfigured database or a direct compromise of InWebsiteBuilder’s systems. Samples shared by threat actors contain both public and private data fields that confirm the source’s legitimacy. The data appears current and active as of 2025.

Information Exposed in the InWebsiteBuilder Breach

Analysis of the leaked sample reveals a detailed agent profile set. The following information was included in the dataset:

  • Full names, email addresses, usernames, and gender
  • Locale and profile photos
  • OAuth provider information (Google, Facebook, or others)
  • OAuth UIDs, which are permanent unique identifiers for connected accounts
  • Linked URLs, including social media or business profile links

This data combination is extremely dangerous because it gives attackers everything needed to impersonate an agent both visually and digitally. A stolen OAuth UID cannot be reset, and it directly identifies the victim’s real social or business login provider account.

Why the InWebsiteBuilder Data Breach Is Critical

The exposure of permanent OAuth identifiers makes this breach uniquely severe. Unlike passwords, OAuth IDs cannot be changed. They act as permanent identity keys that allow websites and third-party applications to recognize a user. Having this information linked with a real name, photo, and email allows an attacker to perfectly replicate the victim online.

Because this data belongs to active insurance professionals, the attack does not stop at the platform level. Instead, it becomes a supply-chain risk. Criminals can use the leaked data to trick insurance customers into transferring money, providing sensitive documents, or logging into fake policy portals.

How Attackers Can Exploit the Data

The InWebsiteBuilder data breach opens several paths for direct exploitation. Common tactics include:

  • Agent Impersonation: Creating fake accounts or profiles using the agent’s real name and photo to contact clients.
  • Phishing and Payment Fraud: Sending messages to clients pretending to be their agent and requesting premium payments or login credentials for “policy verification.”
  • Credential Stuffing: Using stolen or cracked passwords to test logins across other websites and services.
  • Social Engineering via OAuth Providers: Targeting the specific OAuth provider linked to the victim (for example, a fake “Google login security” notice).

These actions can result in large-scale financial losses and long-term damage to the reputation of insurance professionals and firms.

Regulatory and Legal Implications

Because InWebsiteBuilder operates within the insurance sector, it is subject to financial and data protection laws that require mandatory breach disclosure. In the United States, this includes the California Consumer Privacy Act (CCPA) and the New York SHIELD Act. The company must inform all affected agents and file reports with relevant State Attorneys General.

The insurance industry also falls under additional federal and state-level regulations that emphasize consumer data protection. Failing to notify affected businesses or secure customer data may result in fines, lawsuits, and loss of regulatory approval.

Recommended Actions for InWebsiteBuilder

  • Contain the Breach Immediately: Identify the attack vector, whether it was an exposed database, compromised API, or SQL injection vulnerability.
  • Notify Affected Clients: Inform all 18,047 insurance agents or agencies that their data was exposed. The warning must clearly describe the risks of impersonation and phishing.
  • Force Password Reset and Require MFA: Immediately reset all passwords and enforce Multi-Factor Authentication on every account.
  • Comply with Legal Reporting: Submit breach notifications to all required authorities in accordance with state laws.
  • Implement Continuous Monitoring: Watch for reappearances of the data or new listings referencing InWebsiteBuilder on hacker forums.

What Affected Insurance Agents Should Do

  • Warn Clients About Possible Impersonation: Contact your clients and inform them that attackers may use your real name and photo in scam attempts. Clarify that you will never request payment or credentials over email or chat.
  • Change Reused Passwords Immediately: If your InWebsiteBuilder password was reused anywhere else, change it right away.
  • Strengthen Account Security: Enable MFA on all connected accounts and limit data sharing between platforms whenever possible.
  • Review and Lock Social Media: Set your Google, Facebook, and other connected accounts to private visibility to make it harder for impersonators to copy your profile.
  • Monitor for Identity Theft: Regularly search for your name or photo online to check for fake profiles using your information.
  • Run a Malware Scan: Use trusted security software such as Malwarebytes with real-time protection to check your system for active infections.

Long-Term Protection and Prevention

The InWebsiteBuilder data breach shows how attackers are shifting their focus toward business-to-business platforms that hold valuable access to client networks. The compromise of 18,000 insurance agents could result in thousands of secondary scams if not managed properly. Businesses that rely on third-party platforms must adopt stricter verification and endpoint security practices to prevent such incidents from escalating.

To reduce exposure in the future, organizations should train employees to recognize phishing attempts, perform regular security audits, and implement zero-trust authentication frameworks. When third-party SaaS services are used to handle sensitive client data, contractual data protection standards should also be enforced.

For more reports on data breaches and cybersecurity best practices, visit Botcrawl for detailed analysis and real-time threat intelligence updates.

Written by

Sean Doyle

Sean is a tech author and security researcher with more than 20 years of experience in cybersecurity, privacy, malware analysis, analytics, and online marketing. He focuses on clear reporting, deep technical investigation, and practical guidance that helps readers stay safe in a fast-moving digital landscape. His work continues to appear in respected publications, including articles written for Private Internet Access. Through Botcrawl and his ongoing cybersecurity coverage, Sean provides trusted insights on data breaches, malware threats, and online safety for individuals and businesses worldwide.

More Reading

Post navigation

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.