The personal data of nearly one billion people are exposed online because of the terrible practices of a marketing company that apparently has disappeared without a trace since the incident, reported the authors of the book ‘Learn ethical hacking’ and experts from the International Institute of Cyber Security (IICS).
According to reports, about 980 million email addresses are exposed, so the authors of ‘ Learn ethical hacking’ consider one of the largest and most extensive data breaches to be registered. Compromised information includes full names, date of birth, genders and social media account information, etc.
A cybersecurity investigation discovered the massive database exposed online without any kind of protection. According to the authors of ‘Learn ethical hacking’, the database was created by a company called Verifications.io, which offered business email validation services.
After the incident was known, Verifications.io website was shutdown and no representative of the company issued a single statement. There is not much information about this company; in addition, it is believed that its operators work in anonymity due to the dubious tactics they employ.
Bob Diachenko, specialist in finding exposed databases, was the one who reported to the administrators of the site of Verificatios.io on the massive exposure of data; hours later, the company’s website was offline.
It is still unknown if any malicious user managed to access the exposed database, although this possibility should not be ruled out, considers the expert. Diachenko added that the passwords and payment card details were not exposed, although it is possible to find some financial details of the exposed users, such as annual revenues, workplaces, types of cards, etc. Diachenko concluded by saying, “maybe this is the biggest database I’ve ever reported”.
Usually, marketing companies work with verification services like the one offered by Verifications.io to send massive emails to huge email lists that require validation, that is to say, whether they are active or even real.
These types of security incidents are especially dangerous for victims, as they expose them to an increased risk of spam campaigns, unwanted calls, or even identity fraud.