An unprotected 140+ GB MongoDB database led to the discovery of a huge collection of 808,539,939 email records, with many of them also containing detailed personally identifiable information (PII).
The large database discovered by security researcher Bob Diachenko comprised four separate collections of records, the biggest one being named mailEmailDatabase and organized in three folders:
- Emailrecords (count: 798,171,891 records)
- emailWithPhone (count: 4,150,600 records)
- businessLeads (count: 6,217,358 records)
The Emailrecords folder, which included the most records, contained the last name, date of birth, email, phone number, zip code, address, gender, and IP address for each separate entry.
Diachenko cross-checked a selection of random records from the database with the HaveIBeenPwned database of leaked records maintained by Troy Hunt and concluded that they were not part of any previous leak, meaning that this was a new and unique set of data.
During the verification process, the researcher also tried to pinpoint the owner of the exposed MongoDB instance and, eventually, managed to discover a possible owner in Verifications IO LLC, a company which advertised “enterprise email validation” services on its website.
Before finding the firm’s website and the services it provided, Diachenko thought that the database was used to provide targets for spam campaigns because “The database(s) included email accounts they use for sending mail as well as hundreds of SMTP servers, email, spam traps, keywords to avoid, IP addresses to blacklist, and more.”
However, it all made sense after pairing up with Vinny Troia, owner of NightLion Security, for more research and finding out that Verifications IO LLC validated emails in bulk for companies that wanted to remove inactive addresses from their newsletter directories.
Following his report, the company took down its website and the leaked database, and also issued a statement which said that the roughly 800 million records left in the open were “built with public information, not client data.”
According to Diachenko, the company moved very fast to correct its mistake, taking down the exposed data the same day he reported it.
Besides the hundreds of millions of records that also contained personally identifiable information (PII), the unprotected database also contained “access details and a user list of (130 records), with names and credentials to access FTP server to upload / download email lists (hosted on the same IP with MongoDB).”
The number of data breaches saw a 424% increase in 2018
The number of verified data breaches throughout 2018 went up to 12,449 incidents, which translates into a 424% increase when compared to the previous year.
Also, roughly 47% of all compromised records were exposed in breaches experienced by organizations from the United States and China.
However, even though the number of breaches saw a strong boost during the last year, the average breach size actually decreased to 216,884 records, a value 4.7 times smaller than the one from 2017.
In 2018 the data breach landscape also saw an important 71% hike in underground activity, with approximately 14.9 billion unprocessed stolen identity records being circulated among cybercriminals, although only 3.6 billion of them were authentic and did not contain info overlapping with other records.