The repository of email addresses and other records would offer a gold mine of data for scammers

Security researchers have discovered a humongous collection of email addresses and other data that was left sitting on the internet with no protection whatsoever.

Bob Diachenko revealed late last week that he’d found an unsecured MongoDB server with more than 808 million records that “were publicly accessible for anyone with an internet connection”. The server was found to belong to enterprise email validation company Verifications.io, which took the database down soon after being alerted to the security lapse by Diachenko on Friday, March 8. At the time of writing, the entire website of the little-known business is offline.

Before long, cybersecurity company DynaRisk put the number of exposed records even higher. Its investigation found four databases sitting out in the open, rather than ‘just’ one as per Diachenko’s findings. Instead of 150 gigabytes, the collection weighed in at 196 gigabytes and comprised nearly 2.07 billion records.

What’s in it for you?

The records included a smorgasbord of data, primarily some 768 million email addresses. In many cases, the email addresses came together with their owners’ names, social media accounts, phone numbers, dates of birth, ZIP codes, as well as credit score information, mortgage amounts, interest rates, and other data. Also exposed were names, revenues and other business-specific data for a number of companies.

On the bright side, passwords, Social Security numbers and credit card details were not included in the unsecured MongoDB instance.

Diachenko said that he’d checked a sample of the dataset against Troy Hunt’s Have I Been Pwned (HIBP) website, finding that, unlike Collection #1, the records aren’t merely an aggregation of data from previous leaks and breaches.

At any rate, such troves of data are useful not only for marketing campaigns, but also for all manner of scammers, who could leverage such information for social engineering campaigns.

Now that the data exposed by Verifications.io have been added to Hunt’s database, you can go and check for yourself whether any of your data was also impacted. More than a third of the email addresses are new to the database.

