Recently, 800 million emails were leaked online from the world’s largest email verification service provider, Verifications.io. A security researcher claims to have discovered a non-password-protected MongoDB instance at Verifications.io, marking what Security Discovery called the biggest and most detailed email database it has reported on.
The researcher is said to have discovered a 150GB unprotected MongoDB database, described as the biggest and most comprehensive of its kind, that exposed millions of email records online. It belonged to Verifications.io, an email marketing company. Around 809 million records were exposed.
According to the report, after verifying the 150GB database, which wasn’t password protected, researcher Bob Diachenko wrote that it was massive, with tons of emails available to the public and accessible to anyone who was online. Some of the data also included sensitive Personally Identifiable Information (PII), noted the report.
The database, named “mailEmailDatabase”, contained exactly 808,539,939 records, organized into three separate collections. These were named Emailrecords, which had 798,171,891 records, emailWithPhone, which had 4,150,600 records, and businessLeads, which had 6,217,358 records, noted the report. The records also included email addresses, phone numbers, and addresses. Identifying data such as gender, date of birth, personal mortgage amount, interest rate, social media accounts, and credit score data was also exposed.
“As part of the verification process I cross-checked a random selection of records with Troy Hunt’s HaveIBeenPwned database,” wrote the researcher in the report. “Based on the results, I came to the conclusion that this is not just another ‘Collection’ of previously leaked sources but a completely unique set of data. Although, not all records contained the detailed profile information about the email owner, a large number of records were very detailed.”
The researcher noted in the report that the database was taken down as soon as he sent a notification to the support at the company. “In addition to the email profiles, this database also had access details and a user list of (130 records), with names and credentials to access FTP server to upload / download email lists (hosted on the same IP with MongoDB). We can only speculate that this was not meant to be public data,” Diachenko wrote in the blog.
Email Validation Mechanism
According to the security researcher, the email validation method works in the following way:
1. Someone uploads a list of email addresses that they want to validate.
2. Verifications.io has a list of mail servers and internal email accounts that they use to “validate” an email address.
3. They do this by literally sending the people an email. If it does not bounce, the email is validated.
4. If it bounces, they put it in a bounce list so they can easily validate later on.
If cybercriminals hold millions of email addresses taken from hundreds of hacked companies, they will not know which addresses are valid and which are invalid. In this case, the cybercriminal uploads all of the potential email addresses to a service like Verifications.io, and the email verification service then sends tens of thousands of emails to these users in order to identify the valid and invalid email addresses.
“Each one of the users on the list gets their own spam message saying ‘hi’. Then the threat actor gets a cleaned, verified, and valid list of users at these companies. Now he knows who works there and who does not, and he can start a more focused phishing or brute forcing campaign,” the researcher said.
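Seen from the receiving organization's mail server, the validation flow described above looks like one source addressing many distinct recipients in a short time, with a share of them rejected as unknown users. The following detection sketch is an added example, not code from the researcher's report; the log format, the sample lines, the thresholds and the use of status 550 for unknown recipients are all assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample in a simplified, hypothetical log format (one line per
# recipient attempt); adapt LINE_RE to the real format of your mail server.
SAMPLE_LOG = """\
2019-03-01T10:00:01 198.51.100.7 to=alice@example.com status=250
2019-03-01T10:00:03 198.51.100.7 to=bob@example.com status=550
2019-03-01T10:00:05 198.51.100.7 to=carol@example.com status=250
2019-03-01T10:00:08 198.51.100.7 to=dave@example.com status=550
2019-03-01T10:00:11 198.51.100.7 to=erin@example.com status=250
2019-03-01T10:00:14 198.51.100.7 to=frank@example.com status=550
2019-03-01T09:15:00 203.0.113.20 to=alice@example.com status=250
2019-03-01T11:40:00 203.0.113.20 to=carol@example.com status=250
2019-03-01T10:30:00 192.0.2.55 to=alcie@example.com status=550
"""
LINE_RE = re.compile(
    r"(?P<ts>\S+) (?P<ip>\S+) to=(?P<rcpt>\S+) status=(?P<code>\d{3})$")

def find_validation_probes(log_text, window=timedelta(minutes=10),
                           min_rcpts=5, min_reject_ratio=0.3):
    """Map each suspicious source IP to (distinct recipients, reject ratio).

    A source is flagged the first time a sliding window holds at least
    min_rcpts distinct recipients and min_reject_ratio of its attempts
    were rejected as unknown users (status 550).
    """
    events = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:  # silently skip lines that do not parse
            events[m["ip"]].append((datetime.fromisoformat(m["ts"]),
                                    m["rcpt"].lower(), m["code"] == "550"))
    flagged = {}
    for ip, evs in events.items():
        evs.sort()
        start = 0
        for end in range(len(evs)):
            while evs[end][0] - evs[start][0] > window:
                start += 1  # drop attempts older than the window
            win = evs[start:end + 1]
            rcpts = {rcpt for _, rcpt, _ in win}
            ratio = sum(rejected for _, _, rejected in win) / len(win)
            if len(rcpts) >= min_rcpts and ratio >= min_reject_ratio:
                flagged[ip] = (len(rcpts), round(ratio, 2))
                break
    return flagged

if __name__ == "__main__":
    print(find_validation_probes(SAMPLE_LOG))
```

Because the service is described as using a list of mail servers and internal accounts, grouping by source IP alone can undercount a campaign; grouping on a shared subject or body fingerprint is a natural extension.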