Data leaks due to unprotected MongoDB databases have become a common scenario in the cybersecurity world. Recently, researchers discovered a new unsecured MongoDB database exposing around 809 million records online. The database belonged to the email marketing firm Verifications.io.
An insight into the data leak - On February 25, 2019, security researchers Bob Diachenko and Vinny Troia discovered an unprotected, publicly accessible MongoDB database containing 150GB of data. The database contained three folders with different records. While the first folder had over 790 million unique email addresses, the second folder contained 4,150,600 records that had both email addresses and users’ phone numbers. The third folder contained more than 6 million business lead records.
“This database contained four separate collections of data and combined was an astounding 808,539,939 records. The largest part of it was named ‘mailEmailDatabase’ – and inside it contained three folders,” explained the researchers.
What type of information was exposed - The ‘Emailrecords’ folder contained users’ personally identifiable information such as their zip code, phone numbers, physical addresses, gender, email addresses, IP addresses and dates of birth.
“As part of the verification process I cross-checked a random selection of records with Troy Hunt’s HaveIBeenPwned database. Based on the results, I came to the conclusion that this is not just another ‘Collection’ of previously leaked sources but a completely unique set of data. Although not all records contained the detailed profile information about the email owner, a large amount of records were very detailed. We are still talking about millions of records,” researchers added.
Upon discovery, the firm was made aware of the incident. Proper security measures were taken to contain the breach. Verifications.io took its site offline in order to prevent further exposure of the data.