An Email Marketing Company Left 809 Million Records Exposed Online
By this point, you've hopefully gotten the message that your personal data can end up exposed in all sorts of unexpected internet backwaters.
Last week, security researchers Bob Diachenko and Vinny Troia discovered an unprotected, publicly accessible MongoDB database containing 150 gigabytes of detailed, plaintext marketing dataincluding 763 million unique email addresses. The trove is not only massive but also unusual; it contains data about individual consumers as well as what appears to be "business intelligence data," like employee and revenue figures from various companies.The database, owned by the "email validation" firm Verifications.io, was taken offline the same day Diachenko reported it to the company.
Instead, they vet a customer's mailing list to ensure that the email addresses in it are valid and won't bounce back.
But fully verifying that an email address works involves sending a message to the address and confirming that it was deliveredessentially spamming people. Mainstream email marketing firms often outsource this work rather than take on the risk of having their infrastructure blacklisted by spam filters, or lowering their online reputation scores.
"Companies have email lists and want to start emailing them, but theyre not sure how valid they are," says Troia, who founded the firm Night Lion Security. "So they go to a company that will essentially send out spam." Troia speculates, but has not confirmed, that the database may be so large and varied because it comprises all of Verification.io's customers' data.
People's personal information is shared by massive companies like Facebook, bought and sold by shady marketers, or stolen from data giants and doomed to circulate endlessly in the purgatory of criminal forums. The churn makes it difficult for consumers to control who has their data and where it ends up.
We use cookies and analyse traffic to this site. By continuing to use this site, closing this banner, or clicking "I Agree", you agree to the use of cookies. Read our privacy poplicy for more information.