More than a billion records exposed online by email validation biz Verifications.io

Pierluigi Paganini March 09, 2019

Experts found an unprotected server exposing four MongoDB databases belonging to the email validation company Verifications.io.

A new mega data leak has made the headlines: an unprotected MongoDB database (150GB) belonging to a marketing company exposed up to 809 million records. The archive includes 808,539,849 records, broken down as follows:

  • emailrecords = 798,171,891 records
  • emailWithPhone = 4,150,600 records
  • businessLeads = 6,217,358 records

Initially, only one unprotected database was discovered, but the situation is worse than first thought: cyber security firm Dynarisk announced that four databases were exposed online.

[Image: the four exposed Verifications.io MongoDB databases. Source: The Register]

The four databases were hosted on the same server, which was exposed to the Internet. The original discovery concerned the database named “mainEmailDatabase”; the server is no longer accessible.

Security experts have revealed that the exposed data amounts to more than a billion records, weighing in at 196GB.

“As a result, 2,069,145,043 records (made up of both individual consumers and businesses) have been leaked, accessible to anyone with the know-how to find it.” reads the post published by Dynarisk.

“Four databases were leaked, totaling over 196 gigabytes of personal and professional information suitable for cyber criminals to launch attacks.”


The huge trove of information is a gift for threat actors, who can use it to carry out several malicious activities, including phishing campaigns, scams, telephone push payment fraud, and Business Email Compromise.

According to Dynarisk, the databases were operated by Verifications.io, which provides enterprise email validation. At the time of writing, the Verifications.io website is offline.

The good news is that the archives don’t include financial data, medical records or other sensitive information.

Verifications.io claims the data was “built with public information, not client data,” but this declaration doesn’t give us any further information about the company’s compliance with current privacy regulations.


(SecurityAffairs – Verifications.io, Data Leak)
