Security & Fraud

982M Email Accounts Leaked From Online Database

data breach

Close to 1 billion email accounts were leaked by a marketing company in what some researchers are calling the “biggest and most comprehensive email database” breach ever.

The Daily Mail reported that personal information from 982 million email accounts included names, gender, dates of birth, employers and even home addresses in the database. The info did not contain passwords or credit card details.

The online database was created by a company called Verifications.io, which reportedly had no security measures in place. The company offered an “enterprise email validation” service for marketing companies to check whether email addresses were valid or not.

Cybersecurity expert Bob Diachenko discovered the breach and contacted the Verifications.io support team. The company has since taken down its website. It’s not clear whether hackers got hold of the information or not.

Diachenko did some checking by cross-referencing the breached info with the HaveIBeenPwned database, which lists public breaches. He found out that there were new records that had never been exposed before.

“Upon verification, I was shocked at the massive number of emails that were publicly accessible for anyone with an internet connection,” Diachenko said in the report. “Some of data was much more detailed than just the email address and included personally identifiable information.”

Verifications.io offered marketers the chance to “verify” email addresses, a common tactic deployed to do the work, which is often tedious and takes a long time. It involves manually sending out emails to see if they’re active or not.

The company, which is based in Estonia, sent out thousands of emails to verify addresses, usually with the only a message saying “hi.”

Once the addresses are verified, marketing companies will start emailing in earnest. It also puts people at risk for robo calls and phishing attacks, which will try to lure even more personal information out of people.

——————————

PYMNTS LIVE ROUNDTABLE: TUESDAY, JULY 14, 2020 AT 12:00 PM (ET)

Digital transformation has been forcefully accelerated, but how does that agility translate into the fight against COVID-era attacks and sophisticated identity threats? As millions embrace online everything, preserving digital trust now falls mostly on banks and FIs. Now, advances in identity data and using different weights on the payment mix afford new opportunities to arm organizations and their customers against cyberthreats. From the latest in machine learning for fraud and risk, to corporate treasury teams working in new ways with new datasets, learn from experts how digital identity, together with advances like real-time payments, combine to engender trust and enrich relationships.

TRENDING RIGHT NOW