Cyber Attack | Data Breach 4-databases-dynarisk-MongoDB

Published on March 11th, 2019 📆 | 5473 Views ⚑

0

Experts found an unprotected server exposing online 4 MongoDB databases belonging to the email validation company Verifications.io.

A new mega data leak made the headlines, an unprotected MongoDB database (150GB) belonging to a marketing company exposed up to 809 million records. The archive includes 808,539,849 records containing:

  • emailrecords = 798,171,891 records
  • emailWithPhone = 4,150,600 records
  • businessLeads = 6,217,358 records

▼Advertisement

Initially, it was discovered only an unprotected database, but the situation is worse than initially thought because cyber security firm Dynarisk announced that there were four databases exposed online.


Source The Register

The four database were hosted on the same server that was exposed to the Internet. The original discovery was related to the database named “mainEmailDatabase,” now the server is no longer accessible.

▼Advertisement

Security experts have revealed that there are more than billion records weighing in at 196GB.

“As a result, 2,069,145,043 records (made up of both individual consumers and businesses) have been leaked, accessible to anyone with the know-how to find it.” reads the post published by Dynarisk.

“Four databases were leaked, totaling over 196 gigabytes of personal and professional information suitable for cyber criminals to launch attacks.”

The huge trove of information is a gift for threat actors that can use them to carry out several malicious activities, including phishing campaign, scams, telephone push payment fraud, and Business Email Compromise.

▼Advertisement

According to Dynarisk, the databases were operated by Verifications.io, which provides enterprise email validation, at the time of writing the Verifications.io website is off line.

The good news is that the archives don’t include financial data, medical records or other sensitive information.

Verifications.io claims the data was “built with public information, not client data,” but this declaration doesn’t provide us further information about the company’s compliance with current privacy regulation.

Premium WordPress Themes Download
Premium WordPress Themes Download
Download Nulled WordPress Themes
Free Download WordPress Themes
free download udemy paid course

Tagged with:



Leave a Reply ✍


loading...