A new mega data leak made the headlines, an unprotected MongoDB database (150GB) belonging to a marketing company exposed up to 809 million records. The archive includes 808,539,849 records containing:
Initially, it was discovered only an unprotected database, but the situation is worse than initially thought because cyber security firm Dynarisk announced that there were four databases exposed online.
Security experts have revealed that there are more than
“As a result, 2,069,145,043 records (made up of both individual consumers and businesses) have been leaked, accessible to anyone with the know-how to find it.” reads the post published by Dynarisk.
“Four databases were leaked, totaling over 196 gigabytes of personal and professional information suitable for
The huge trove of information is a gift for threat actors that can use them to carry out several malicious activities, including phishing campaign, scams, telephone push payment fraud, and Business Email Compromise.
According to Dynarisk, the databases were operated by Verifications.io, which provides enterprise email validation, at the time of writing the Verifications.io website is off line.
The good news is that the archives don’t include financial data, medical records or other sensitive information.
Verifications.io claims the data was “built with public information, not client data,” but this declaration doesn’t provide us further information about the company’s compliance with current privacy regulation.
(SecurityAffairs – Verifications.io, Data Leak)