Email addresses of almost a BILLION people are leaked in one of the biggest data breaches ever- and hackers could now have access to your name, date of birth and even where you LIVE
- ‘Email validation’ firm was taken offline when the enormous breach was reported
- Personal information like names, address and employer were also exposed
- Verifications.io is a company offering ‘enterprise email validation’ as a service
- Validators ensure that the email addresses in a list are valid and won’t bounce
25
View
comments
Hundreds of millions of people’s personal data has been breached online by a marketing company who have since taken their website down.
Email addresses from 982 million people were listed in what researchers are calling one of the ‘biggest and most comprehensive email database’ breaches ever recorded.
Personal information including names, gender, date of birth, address, employer and details of social media accounts were also listed.
The data breach puts the millions of people involved at a higher risk of being exposed to hack attacks, fraud, nuisance calls and emails.
Security researchers uncovered the breach in an unsecured online database created by Verifications.io, a company offering ‘enterprise email validation’.
Marketing companies used the service to send out mass emails to work out if the addresses they have collected listed are genuine.
The unprotected and publicly accessible MongoDB database contained 150 gigabytes of marketing data, according to the researcher’s blog post.
Scroll down for video
Hundreds of millions of people’s personal data has been breached online by a marketing company who have since taken their website down. Pictured here, a screen grab of the website when it was active
The website went offline after Cyber security expert Bob Diachenko, one of the researchers who found the breach, notified its support team.
It was unclear whether the exposed data was accessed by others. Passwords and payment card details were not leaked.
Other records in the collection appeared to be ‘business intelligence data’, related to generating sales leads at businesses.
This included company names, annual revenue figures, company websites, and industry identifiers.
His team said that Verifications.io offered a service to marketers where it would ‘verify’ lists of email addresses by sending emails to see if they bounced.
If they do bounce they simply put them in a ‘bounce list’ so they can easily validate it later on.
- Sea turtles are washing up by the HUNDREDS on New England… Kung-fu kangaroo! Two-year study of ‘defenceless’ desert… Greenpeace shames Sainsbury’s and Tesco for failing to cut… Mesmerizing video captures what the speed of light looks…
Share this article
A screengrab of the website today. It was taken down after security researchers uncovered the breach left in an unsecured online database by the company, which sends out tens of thousands of emails to validate these users
The company, with an Estonia address, sends out tens of thousands of emails to validate these users.
Each one of the users on the list gets their own spam message saying ‘hi’.
Then the company sends a verified, and valid list of users to these companies so they can start a more focused phishing campaign, according to Mr Diachenko.
Cyber security expert Bob Diachenko, one of the researchers who found the breach
They said that marketing companies hide behind services like this so that they are not blacklisted for spamming.
Mr Diachenko , along with NightLion Security’s Vinny Troya, cross-referenced the datasets with the HaveIBeenPwned database.
They were then able to establish that these were unique records that had never been exposed in any previous ‘collections’.
‘This is perhaps the biggest and most comprehensive email database I have ever reported,’ Mr Diachenko wrote in his post.
‘Upon verification, I was shocked at the massive number of emails that were publicly accessible for anyone with an internet connection.
‘Some of data was much more detailed than just the email address and included personally identifiable information (PII).’
HOW COMPANIES LIKE VERIFICATIONS.IO WORK:
1. Someone, ie, a company, uploads a list of email addresses that they want to validate.
2. Verifications.io has a list of mail servers and internal email accounts that they use to ‘validate’ an email address.
3.They do this by literally sending the people an email.
4. If it does not bounce, the email is validated. If it bounces, they put it in a bounce list so they can easily validate later on.
Source: Read Full Article