Security researchers Bob Diachenko and Vinny Troia recently discovered a data breach: an unencrypted, publicly accessible MongoDB database of around 150 GB that contained detailed information, in plain text, about millions of individuals and companies.
The source of this leak or hack appears to be an email verification company called verification.io. Verification.io had more than 982 million email addresses on its website.
Major Concerns after the Data Breach
The breach is not only one of the largest ever reported; the amount of data it holds is also concerning.
The database included not only email addresses but also names, gender, dates of birth, employers, social media accounts, and home and work addresses. More concerning still, the database also held business intelligence data and the income of employees.
When the researchers reported the leak to the company, it took the database offline and removed its traces from it.
The data does not contain any credit card or password information. The passwords found in the database were for verification.io's internal infrastructure.
When data is available to scammers in plain text and well aggregated, it can be used more dangerously.
What does Verification.io do?
Verification.io is an email validator, which means that it checks whether the address a user enters while signing up for a service is valid.
Even though several companies have their own in-house mechanisms, they turn to a third-party system like verification.io to avoid being blacklisted by spam filters.
Essentially, the validation service sends out spam to verify its client's mailing list so that the client can evade the spam filters of email providers like Gmail.
What’s next for the users?
The researcher will be adding the data to Have I Been Pwned for people who want to check whether they are affected by the breach. Troy Hunt said that more than 35% of the email addresses were new to the database. Verification.io has been the second-largest data dump ever.