Email Marketing Company Leaves 809 Million Records Unprotected

  • Two security researchers have uncovered a database with 763 million email addresses and other data that was left unprotected.
  • The database owner was contacted, and security patches have been deployed to resolve the issue.
  • Despite the patch, the database was exposed for months and hackers may have already stolen the data for social engineering activity.

Security researchers Bob Diachenko and Vinny Troia uncovered a MongoDB database that contained 150GB of data, including plaintext marketing data and 763 million email addresses. The researchers made the information public today on the Security Discovery blog. The emails are owned by the email validation firm Verifications.io, which was taken down on the day Diachenko reported it to the marketing company.

Email validators are crucial to marketing companies because they are responsible for ensuring that contact lists are valid, and the only way to check if an address is valid is by sending emails. Marketing firms outsource the work to these companies so they do not get blacklisted for spam themselves. In addition to the email profiles, the leaked database also had access details and a user list with names and credentials to access an FTP server for uploading and downloading email lists, which were also hosted on MongoDB.

A total of 809 million records were found in the Verifications.io trove, which also included phone numbers, addresses, names and, in some cases, social media links. Sensitive data like social security numbers or credit card numbers were not leaked. However, even though the data is not harmful by default, cybercriminals who get access to it may use it for social engineering scams.

After being contacted, the email marketing company said that it had patched the security problems in the database and that users should no longer be affected. However, the data was already publicly available. Very little is known about Verifications.io, and with the websites taken down there is no way to track down the operators.
