All Vendors
data_enrichment

Lusha

Lusha is a data enrichment vendor that operates a crowdsourced contact intelligence network where user-contributed data from browser extension activity forms the backbone of a 300M+ profile database with significant consent chain opacity.

177 IOCs
0
Vendor Risk Score

How This Briefing Works

This report opens with key findings, then maps the gaps between what Lusha discloses and what BLACKOUT observed at runtime. From there: what it means for your organization, what to do about it, and the detection data and evidence underneath.

Key Findings

Analysis pending. Findings will appear here once intelligence collection is complete.

Disclosure Gaps

Claims vs. Observed Behavior

3 gaps

compliance

HIGH
They Claim

GDPR and CCPA compliant with ISO 27701 certification

Observed Behavior

Community contribution model creates structural consent gaps that ISO certification does not address. Opt-out mechanism places burden on data subjects to discover their inclusion.

data_provenance

HIGH
They Claim

Data sourced from publicly available information and partnerships

Observed Behavior

Significant portion of database built from community contributions—user address books and contact networks harvested via browser extension. Percentage breakdown of sources not disclosed.

accuracy

MEDIUM
They Claim

Verified and accurate contact data

Observed Behavior

Awaiting scanner verification. Multiple third-party reviews report stale phone numbers and outdated emails. No public SLA on data freshness for community-contributed records.

Customer Impact

What This Means For You

Revenue risk manifests in three areas. First, compliance exposure: if your organization operates in GDPR-regulated markets and uses Lusha-enriched data for outreach, you carry liability for the entire data provenance chain. Fines under GDPR can reach 4% of global annual revenue. Second, data quality degradation: community-contributed data has no SLA on freshness, and stale contacts waste sales capacity on unreachable prospects. Third, competitive intelligence leakage: your enrichment queries and prospecting patterns are visible to Lusha as a platform operator. For GTM teams, the practical impact is that Lusha becomes a shared intelligence layer across your competitive landscape. Every enrichment query you run helps refine a database that your competitors also access. There is no mechanism to prevent Lusha from using aggregate enrichment patterns to improve data products sold to other customers.
Recommended Actions

What To Do About It

Role-specific actions based on observed behavior

Recommended Actions for Lusha

  • - Audit all Lusha-enriched records in your CRM for GDPR Article 14 notification compliance, particularly for EU-based contacts. - Request a formal data provenance statement from Lusha specifying what percentage of your enriched contacts originated from community contributions versus verified public sources. - Evaluate whether the Lusha browser extension is deployed on employee machines and assess the permission scope it requires. - Implement a parallel validation layer (direct LinkedIn outreach or company website verification) for high-value prospect data before committing sales resources. - Review your data processing agreements with Lusha to ensure they adequately address the community contribution model and your downstream liability as a data controller.

Negotiation Leverage

  • Lusha's primary vulnerability in negotiations is the community contribution consent chain. Request explicit contractual language guaranteeing that all data provided to your organization was collected with proper legal basis under applicable privacy regulations. Push for data provenance transparency—specifically, the sourcing methodology for each enriched record (public, partnership, or community-contributed).
  • Negotiate for data exclusivity windows or at minimum, disclosure of how many other customers received the same enriched contacts in a given period. Use Lusha's ISO 27701 certification and GDPR compliance claims as leverage: if they claim compliance, they should be willing to contractually indemnify you against regulatory action arising from data provenance issues. Request audit rights over the community contribution pipeline, and insist on SLAs for data freshness and accuracy with contractual remedies for degradation.
IOC Manifest

IOC Manifest

177 INDICATORS

Indicators of compromise across 4 categories. Use for detection rules, CSP policies, or Pi-hole blocklists.

TRACK
*www.lusha.com/wp-includes/js/dist/i18n.js*
Tracking script
TRACK
*www.lusha.com/wp-content/plugins/contact-form-7/includes/js/index.js*
Tracking script
TRACK
*www.lusha.com/wp-content/plugins/country-phone-field-contact-form-7/assets/js/countrySelect.js*
Tracking script
TRACK
*www.lusha.com/wp-includes/js/dist/hooks.js*
Tracking script
TRACK
*www.lusha.com/wp-content/plugins/contact-form-7/includes/swv/js/index.js*
Tracking script
TRACK
*www.lusha.com/wp-content/plugins/country-phone-field-contact-form-7/assets/js/intlTelInput.js*
Tracking script
TRACK
*experiment-vanilla-sdk.lusha.com/experiment-vanilla-sdk.js*
Tracking script
TRACK
*www.lusha.com/wp-content/plugins/contact-form-7-multi-step-pro/assets/frontend/js/cf7mls.js*
Tracking script
TRACK
*www.lusha.com/wp-content/themes/lusha/assets/js/site/custom/custom.js*
Tracking script
TRACK
*www.lusha.com/wp-content/themes/lusha/assets/js/site/vendor/vendor.js*
Tracking script
TRACK
*www.lusha.com/wp-content/themes/lusha/assets/js/templates/components/testimonials-script.js*
Tracking script
TRACK
*www.lusha.com/wp-content/themes/lusha/assets/js/templates/vendor/select2.js*
Tracking script
TRACK
*www.lusha.com/wp-content/themes/lusha/assets/js/templates/vendor/swiper-bundle.js*
Tracking script
TRACK
*www.lusha.com/wp-content/themes/lusha/assets/js/components/v4/quote-carousel.js*
Tracking script
TRACK
*www.lusha.com/wp-content/themes/lusha/assets/js/vendor/motion.js*
Tracking script
EXFIL
*www.lusha.com/wp-content/themes/lusha/assets/js/components/v4/scroll-reveal-text.js*
Data collection endpoint
TRACK
*www.lusha.com/wp-content/themes/lusha/assets/js/components/v4/sticky-tabs-nav.js*
Tracking script
TRACK
*www.lusha.com/wp-content/plugins/cf7-conditional-fields/js/scripts.js*
Tracking script
TRACK
*www.lusha.com/wp-content/plugins/international-telephone-input-for-contact-form-7/assets/js/script.js*
Tracking script
TRACK
*www.lusha.com/wp-content/plugins/international-telephone-input-for-contact-form-7/vendor/intl-tel-input/js/intlTelInput.js*
Tracking script
TRACK
*www.lusha.com/wp-content/themes/lusha/assets/js/templates/vendor/dotlottie-player.js*
Tracking script
TRACK
*www.lusha.com/wp-content/plugins/google-site-kit/dist/assets/js/googlesitekit-events-provider-contact-form-7-*.js*
Tracking script
TRACK
*www.lusha.com/cdn-cgi/challenge-platform/scripts/jsd/main.js*
Tracking script
TRACK
*ab-cache.lusha.com/status.json*
Tracking script
TRACK
*ab-cache.lusha.com/events.json*
Tracking script
TRACK
*www.lusha.com/cdn-cgi/challenge-platform/h/g/scripts/jsd/*/main.js*
Tracking script
TRACK
*www.lusha.com/wp-content/plugins/international-telephone-input-for-contact-form-7/vendor/intl-tel-input/js/utils.js*
Tracking script
TRACK
*static-packages-prod.lusha.com/website-visitor-pixel/latest/insights.js*
Tracking script
TRACK
www.lusha.com/wp-includes/js/dist/hooks.min.js
Auto-extracted from scan
TRACK
www.lusha.com/wp-includes/js/dist/i18n.min.js
Auto-extracted from scan
TRACK
www.lusha.com/wp-content/plugins/contact-form-7/includes/swv/js/index.js
Auto-extracted from scan
TRACK
www.lusha.com/wp-content/plugins/contact-form-7/includes/js/index.js
Auto-extracted from scan
TRACK
www.lusha.com/wp-content/plugins/country-phone-field-contact-form-7/assets/js/intlTelInput.min.js
Auto-extracted from scan
TRACK
www.lusha.com/wp-content/plugins/country-phone-field-contact-form-7/assets/js/countrySelect.min.js
Auto-extracted from scan
TRACK
www.lusha.com/wp-content/plugins/contact-form-7-multi-step-pro/assets/frontend/js/cf7mls.js
Auto-extracted from scan
TRACK
www.lusha.com/wp-content/themes/lusha/assets/js/site/vendor/vendor.min.js
Auto-extracted from scan
TRACK
www.lusha.com/wp-content/themes/lusha/assets/js/site/custom/custom.min.js
Auto-extracted from scan
TRACK
www.lusha.com/wp-content/themes/lusha/assets/js/templates/vendor/select2.min.js
Auto-extracted from scan
TRACK
experiment-vanilla-sdk.lusha.com/experiment-vanilla-sdk.js
Auto-extracted from scan
TRACK
www.lusha.com/wp-content/themes/lusha/assets/js/templates/vendor/swiper-bundle.js
Auto-extracted from scan
TRACK
www.lusha.com/wp-content/themes/lusha/assets/js/templates/components/testimonials-script.js
Auto-extracted from scan
TRACK
www.lusha.com/wp-content/themes/lusha/assets/js/components/v4/quote-carousel.js
Auto-extracted from scan
TRACK
www.lusha.com/wp-content/themes/lusha/assets/js/vendor/motion.js
Auto-extracted from scan
EXFIL
www.lusha.com/wp-content/themes/lusha/assets/js/components/v4/scroll-reveal-text.js
Auto-extracted from scan
TRACK
www.lusha.com/wp-content/themes/lusha/assets/js/components/v4/sticky-tabs-nav.js
Auto-extracted from scan
TRACK
www.lusha.com/wp-content/plugins/cf7-conditional-fields/js/scripts.js
Auto-extracted from scan
TRACK
www.lusha.com/wp-content/plugins/google-site-kit/dist/assets/js/googlesitekit-events-provider-contact-form-7-83c32a029ed2cf5b6a82.js
Auto-extracted from scan
TRACK
www.lusha.com/wp-content/themes/lusha/assets/js/templates/vendor/dotlottie-player.js
Auto-extracted from scan
TRACK
www.lusha.com/wp-content/plugins/international-telephone-input-for-contact-form-7/vendor/intl-tel-input/js/intlTelInput.min.js
Auto-extracted from scan
TRACK
www.lusha.com/wp-content/plugins/international-telephone-input-for-contact-form-7/assets/js/script.min.js
Auto-extracted from scan
TRACK
www.lusha.com/cdn-cgi/challenge-platform/scripts/jsd/main.js
Auto-extracted from scan
TRACK
www.lusha.com/cdn-cgi/challenge-platform/h/g/scripts/jsd/ea2d291c0fdc/main.js
Auto-extracted from scan
TRACK
static-packages-prod.lusha.com/website-visitor-pixel/latest/insights.min.js
Auto-extracted from scan
Ecosystem

Ecosystem & Supply Chain

Lusha integrates natively with Salesforce, HubSpot, Pipedrive, Zoho CRM, Microsoft Dynamics, Outreach, Salesloft, and Bullhorn. The platform also offers API access for custom integrations and bulk enrichment workflows. Data flows bidirectionally in several of these integrations—Lusha enriches CRM records, and CRM data may inform Lusha's matching algorithms. The broader data supply chain is opaque. Lusha references "strategic partnerships" as a data source alongside public data and community contributions, but does not publicly name its data partners. This means organizations using Lusha cannot fully audit the upstream data supply chain feeding into their CRM. The company competes directly with ZoomInfo, Apollo.io, and Cognism in the B2B contact enrichment space, and data from these platforms frequently overlaps, suggesting shared upstream data suppliers.
Evidence

Evidence Artifacts

Artifacts collected during analysis, available with evidence-tier access.

HAR Capture

Complete network capture with all requests and responses

IOC Manifest

177 detection signatures across scripts, domains, cookies, and network endpoints

Vendor Details