Security & Fraud

982M Email Accounts Leaked From Online Database

data breach

Close to 1 billion email accounts were leaked by a marketing company in what some researchers are calling the “biggest and most comprehensive email database” breach ever.

The Daily Mail reported that personal information from 982 million email accounts included names, gender, dates of birth, employers and even home addresses in the database. The info did not contain passwords or credit card details.

The online database was created by a company called Verifications.io, which reportedly had no security measures in place. The company offered an “enterprise email validation” service for marketing companies to check whether email addresses were valid or not.

Cybersecurity expert Bob Diachenko discovered the breach and contacted the Verifications.io support team. The company has since taken down its website. It’s not clear whether hackers got hold of the information or not.

Diachenko did some checking by cross-referencing the breached info with the HaveIBeenPwned database, which lists public breaches. He found out that there were new records that had never been exposed before.

“Upon verification, I was shocked at the massive number of emails that were publicly accessible for anyone with an internet connection,” Diachenko said in the report. “Some of data was much more detailed than just the email address and included personally identifiable information.”

Verifications.io offered marketers the chance to “verify” email addresses, a common tactic deployed to do the work, which is often tedious and takes a long time. It involves manually sending out emails to see if they’re active or not.

The company, which is based in Estonia, sent out thousands of emails to verify addresses, usually with the only a message saying “hi.”

Once the addresses are verified, marketing companies will start emailing in earnest. It also puts people at risk for robo calls and phishing attacks, which will try to lure even more personal information out of people.

——————————

LATEST PYMNTS REPORT: MARCH 2020 B2B API TRACKER  

B2B APIs aren’t just for large enterprises anymore — middle-market firms and SMBs now realize their potential for enabling low-cost access to real-time payments and account data. But those capabilities are only the tip of the API iceberg, says HSBC global head of liquidity and cash management Diane Reyes. In this month’s B2B API Tracker, Reyes explains how the next wave of banking APIs could fight payments fraud and proactively alert middle-market treasurers to investment opportunities.

TRENDING RIGHT NOW