Email verification service takes itself offline after 800 million records get publicly exposed

Researchers find a non-protected MongoDB instance amounting to 150GB of unique data

Image depicting email security

An online email verification service has taken itself offline after approximately 809 million of its customers' emails were exposed through an unprotected server.

Researchers discovered a non-password protected MongoDB instance amounting to 150GB of data split across four separate collections last week. They analysed this exposed data, 808,593,939 records in total, and published their findings on Thursday.

The exposed records are owned by an email verifications service named Verifications.io, according to the researchers.

The largest drive, named 'mailEmailDatabase', itself contained three folders; Emailrecords (798,171,891 records exposed), emailWithPhone (4,150,600 records exposed) and businessLeads (6,217,358 records exposed).

Beyond names, email addresses and phone numbers, the exposed records may also have contained additional information such as city, phone number, date of birth, and gender.

Cyber security expert Bob Diachenko, who discovered and analysed the exposed data with NightLion Security's Vinny Troya, then cross-referenced these records with the HaveIBeenPwned database.

They established these were unique records that had never been exposed in any previous 'collections'. Included in this bracket, for example, are the monster Collections #1 to #5 leaks of 2.2 billion unique records exposed earlier this year.

"This is perhaps the biggest and most comprehensive email database I have ever reported," Diachenko wrote in his post.

"Upon verification, I was shocked at the massive number of emails that were publicly accessible for anyone with an internet connection. Some of data was much more detailed than just the email address and included personally identifiable information (PII)."

Clues within the dataset pointed Diachenko to Verifications.io as the likely owner of the non-password protected MongoDB instance.

The company, which offers 'enterprise email validation' as a service, then took its entire website offline the same day he reported the discovery to its support team.

"We appreciate you reaching out and informing us," Verifications.io's support team told Diachenko via email. "We were able to quickly secure the database. Goes to show, even with 12 years of experience you can't let your guard down.

"After closer inspection, it appears that the database used for appends was briefly exposed. This is our company database built with public information, not client data."

This fact has confused the researchers, however, who in their blog post posed the question "why close the database and take the site offline if it indeed was "public"?"

Verifications.io remains offline at the time of publication.

Featured Resources

Security analytics for your multi-cloud deployments

IBM Security QRadar SIEM solution brief

Download now

Five reasons to move to the cloud

Join the enterprises moving their workloads to the cloud

Download now

Architecting hybrid IT and edge for digital advantage

Why business leaders should consider a hybrid IT strategy

Download now

Six reasons to accelerate remote asset monitoring with AI

How to optimise resources, increase productivity, and grow profit margins with AI

Download now

Recommended

CISA warns of ongoing Accellion File Transfer Appliance attacks
hacking

CISA warns of ongoing Accellion File Transfer Appliance attacks

25 Feb 2021
What is a Trojan?
Security

What is a Trojan?

25 Feb 2021
Cyber security firm saw attacks rise by 20% during 2020
cyber security

Cyber security firm saw attacks rise by 20% during 2020

23 Feb 2021
What to look for in a secure cloud system
cloud security

What to look for in a secure cloud system

23 Feb 2021

Most Popular

Npower shuts down app after hackers steal user data
hacking

Npower shuts down app after hackers steal user data

25 Feb 2021
Hackers publish Bombardier data in wide-reaching FTA cyber attack
cyber attacks

Hackers publish Bombardier data in wide-reaching FTA cyber attack

24 Feb 2021
New monitors for an agile new normal
Sponsored

New monitors for an agile new normal

19 Feb 2021