Email Marketing Company Leaves 809 Million Records Unprotected

  • Two security researchers have uncovered a database with 763 million email addresses and other data that was left unprotected.
  • The database owner was contacted, and security patches have been deployed to resolve the issue.
  • Despite the patch, the database was exposed for months and hackers may have already stolen the data for social engineering activity.

Security researchers Bob Diachenko and Vinny Troia uncovered a MongoDB database that contained 150GB of data, including plaintext marketing data and 763 million email addresses. The researchers made the information public today on the Security Discovery blog. The emails are owned by the email validation firm Verifications.io, which was taken down on the day Diachenko reported the exposure to the marketing company.

Email validators are crucial to marketing companies because they ensure that contact lists are valid, and the only way to check if an address is valid is by sending emails. Marketing firms outsource the work to these companies so that they do not get blacklisted for spam themselves. In addition to the email profiles, the leaked database also held access details and a user list with names and credentials for an FTP server used to upload and download email lists, which were also hosted on MongoDB.

A total of 809 million records were found in the Verifications.io trove, which also included phone numbers, addresses, names and, in some cases, social media links. Sensitive data like social security numbers or credit card numbers was not leaked. However, even though the data is not harmful by default, cybercriminals who gain access to it could use it for social engineering scams.

After being contacted, the email marketing company said that it had patched the security problems in the database and that users should no longer be affected. However, the data was already publicly available. Very little is known about Verifications.io, and with the websites taken down there is no way to track down the operators.
