Security researchers Bob Diachenko and Vinny Troia uncovered a MongoDB database that contained 150GB of data, including plaintext marketing data and 763 million email addresses. The researchers made the information public today on the Security Discovery blog. The emails belong to an email validation firm, Verifications.io, which was taken down on the day Diachenko reported it to the marketing company.
Email validators are crucial to marketing companies because they are responsible for ensuring that contact lists are valid, and the only way to check if an address is valid is by sending emails. Marketing firms outsource this work to validation companies so that they do not get blacklisted for spam themselves. In addition to the email profiles, the leaked database also held access details and a user list with names and credentials for an FTP server used to upload and download email lists, which were also hosted on MongoDB.
A total of 809 million records were found in the Verifications.io trove, which also included phone numbers, addresses, names and, in some cases, social media links. Sensitive data such as social security numbers or credit card numbers was not leaked. However, even though the data is not harmful by default, cybercriminals who gain access to it could use it for social engineering scams.
After being contacted, the email marketing company revealed that it had patched the security problems in the database and that users should no longer be affected. However, the data was already publicly available. Very little is known about Verifications.io, and with the websites taken down there is no way to track down the operators.