Thursday, January 21, 2021
  • Setup menu at Appearance » Menus and assign menu to Top Bar Navigation
Advertisement
  • AI Development
    • Artificial Intelligence
    • Machine Learning
    • Neural Networks
    • Learn to Code
  • Data
    • Blockchain
    • Big Data
    • Data Science
  • IT Security
    • Internet Privacy
    • Internet Security
  • Marketing
    • Digital Marketing
    • Marketing Technology
  • Technology Companies
  • Crypto News
No Result
View All Result
NikolaNews
  • AI Development
    • Artificial Intelligence
    • Machine Learning
    • Neural Networks
    • Learn to Code
  • Data
    • Blockchain
    • Big Data
    • Data Science
  • IT Security
    • Internet Privacy
    • Internet Security
  • Marketing
    • Digital Marketing
    • Marketing Technology
  • Technology Companies
  • Crypto News
No Result
View All Result
NikolaNews
No Result
View All Result
Home Internet Security

809 million records exposed by email marketing giant

March 9, 2019
in Internet Security
809 million records exposed by email marketing giant
586
SHARES
3.3k
VIEWS
Share on FacebookShare on Twitter

Data breach leaves hundreds of POS units infected with malware
Nearly 140 bars, restaurants, and coffee shops all over the US have had POS systems infected with malware.

Data breaches are so common now that your eyes may tend to gloss over the news of yet-another public exposure of personally identifiable information (PII) and customer records.

You might also like

Ransomware victims that have backups are paying ransoms to stop hackers leaking their stolen data

Best antivirus software in 2021

NSA urges system administrators to replace obsolete TLS protocols

Even in such a world, however, sometimes a case which tops many others still enters the public domain — such as the discovery of a database which has been described as “perhaps the biggest and most comprehensive email database I have ever reported” by the researcher who uncovered the breach.

According to Bob Diachenko, alongside security researcher Vinny Troia, the 150GB MongoDB instance in question contained four separate collections of data.

In total, Diachenko and Troia found 808,539,939 records, the largest collection of which was named “mailEmailDatabase,” separated into three sections as below:

  • Emailrecords (798,171,891 records)
  • emailWithPhone (4,150,600 records)
  • businessLeads (6,217,358 records)

The information on offer was “more detailed than just the email address and included PII,” the researchers say, with information relating to ZIP codes, phone numbers, physical addresses, email addresses, genders, user IP addresses, and dates of birth all available to anyone with an Internet connection.

After cross-referencing the database with records obtained from Troy Hunt’s HaveIBeenPwned database — a collection of known leaks and exposures which can be used by visitors to find out if they have been involved in a data breach — Diachenko was able to ascertain that the database was not just a bulk data dump of stolen information, such as in the case of the Collection 1 leak.

“Although not all records contained the detailed profile information about the email owner, a large number of records were very detailed,” the researcher added.

The MongoDB instance did provide some clues as to whom the data may belong to — namely, a company called “Verifications.io.”

At the time of writing, the company’s website is unavailable, but cached pages show that Verifications.io describes itself as an email marketing firm with a particular specialization in circumventing spam traps and hard bounces.

CNET: Facebook Messenger bug revealed who you had conversations with

One such service the company offers is called “Enterprise Email Validation,” which allows customers to upload email lists for marketing and verification purposes. An email is simply sent to someone as a test which validates the email, but if it bounces, the message is added to a bounce list for testing later.

However, these messages appear to have been stored in plaintext and without any form of protective encryption once uploaded to the service.

TechRepublic: Termite and EarthWorm testing tool weaponized to create multi-platform botnet

While a list of email addresses and some PII may not seem like a big deal, Diachenko laid out a potential attack vector in which threat groups would find such a database an invaluable find.

If a hacker drew up a list of companies they wanted to compromise and also obtained a list of potentially usable credentials, rather than brute-force attack each one, all of their email addresses could be uploaded to a service such as Verifications.io.

By doing so, the threat actor is able to save time and reduce the chance of being exposed, while at the same time, the service validates their email cache to find the true targets worth pursuing — as well as prove PII which could be used in identity theft or social engineering attacks. 

See also: Banking Trojans flood the enterprise, Android attacks surge

The researchers reported their findings to Verifications.io, which pulled its website offline in response. The database was also taken down on the same day.

“In the response they identified that what I had discovered was public data and not client data, so why close the database and take the site offline if it indeed was “public”?,” Diachenko noted. “In addition to the email profiles this database also had access details and a user list of (130 records), with names and credentials to access FTP server to upload / download email lists (hosted on the same IP with MongoDB). We can only speculate that this was not meant to be public data.”

Previous and related coverage

Credit: Source link

Previous Post

Here Are 10 Statistical Techniques Data Scientists Should Master

Next Post

RSA 2019: Insider's look at the premier cybersecurity conference

Related Posts

Ransomware victims that have backups are paying ransoms to stop hackers leaking their stolen data
Internet Security

Ransomware victims that have backups are paying ransoms to stop hackers leaking their stolen data

January 21, 2021
Best antivirus software in 2021
Internet Security

Best antivirus software in 2021

January 21, 2021
NSA urges system administrators to replace obsolete TLS protocols
Internet Security

NSA urges system administrators to replace obsolete TLS protocols

January 21, 2021
Microsoft: How ‘zero trust’ can protect against sophisticated hacking attacks
Internet Security

Microsoft: How ‘zero trust’ can protect against sophisticated hacking attacks

January 21, 2021
Willyama’s role in helping Indigenous Australians secure a career in cybersecurity
Internet Security

Google: These new password protection features are coming to Chrome

January 20, 2021
Next Post
RSA 2019: Insider’s look at the premier cybersecurity conference

RSA 2019: Insider's look at the premier cybersecurity conference

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Recommended

Plasticity in Deep Learning: Dynamic Adaptations for AI Self-Driving Cars

Plasticity in Deep Learning: Dynamic Adaptations for AI Self-Driving Cars

January 6, 2019
Microsoft, Google Use Artificial Intelligence to Fight Hackers

Microsoft, Google Use Artificial Intelligence to Fight Hackers

January 6, 2019

Categories

  • Artificial Intelligence
  • Big Data
  • Blockchain
  • Crypto News
  • Data Science
  • Digital Marketing
  • Internet Privacy
  • Internet Security
  • Learn to Code
  • Machine Learning
  • Marketing Technology
  • Neural Networks
  • Technology Companies

Don't miss it

Ransomware victims that have backups are paying ransoms to stop hackers leaking their stolen data
Internet Security

Ransomware victims that have backups are paying ransoms to stop hackers leaking their stolen data

January 21, 2021
Skyrim modders have a new machine learning tool that turns text to realistic NPC speech
Machine Learning

Skyrim modders have a new machine learning tool that turns text to realistic NPC speech

January 21, 2021
6 Major AI Use Cases In IT Operations | by Gina Shaw | Jan, 2021
Neural Networks

6 Major AI Use Cases In IT Operations | by Gina Shaw | Jan, 2021

January 21, 2021
Agile Marketing: 3 Tips for a Post-Pandemic Economy
Marketing Technology

Agile Marketing: 3 Tips for a Post-Pandemic Economy

January 21, 2021
Best antivirus software in 2021
Internet Security

Best antivirus software in 2021

January 21, 2021
The 37 Best Machine Learning Courses on Udemy to Consider
Machine Learning

The 37 Best Machine Learning Courses on Udemy to Consider

January 21, 2021
NikolaNews

NikolaNews.com is an online News Portal which aims to share news about blockchain, AI, Big Data, and Data Privacy and more!

What’s New Here?

  • Ransomware victims that have backups are paying ransoms to stop hackers leaking their stolen data January 21, 2021
  • Skyrim modders have a new machine learning tool that turns text to realistic NPC speech January 21, 2021
  • 6 Major AI Use Cases In IT Operations | by Gina Shaw | Jan, 2021 January 21, 2021
  • Agile Marketing: 3 Tips for a Post-Pandemic Economy January 21, 2021

Subscribe to get more!

© 2019 NikolaNews.com - Global Tech Updates

No Result
View All Result
  • AI Development
    • Artificial Intelligence
    • Machine Learning
    • Neural Networks
    • Learn to Code
  • Data
    • Blockchain
    • Big Data
    • Data Science
  • IT Security
    • Internet Privacy
    • Internet Security
  • Marketing
    • Digital Marketing
    • Marketing Technology
  • Technology Companies
  • Crypto News

© 2019 NikolaNews.com - Global Tech Updates