Close to 1 billion email accounts were leaked by a marketing company in what some researchers are calling the “biggest and most comprehensive email database” breach ever.
The Daily Mail reported that personal information from 982 million email accounts included names, gender, dates of birth, employers and even home addresses in the database. The info did not contain passwords or credit card details.
The online database was created by a company called Verifications.io, which reportedly had no security measures in place. The company offered an “enterprise email validation” service for marketing companies to check whether email addresses were valid or not.
Cybersecurity expert Bob Diachenko discovered the breach and contacted the Verifications.io support team. The company has since taken down its website. It’s not clear whether hackers got hold of the information or not.
Diachenko did some checking by cross-referencing the breached info with the HaveIBeenPwned database, which lists public breaches. He found out that there were new records that had never been exposed before.
“Upon verification, I was shocked at the massive number of emails that were publicly accessible for anyone with an internet connection,” Diachenko said in the report. “Some of data was much more detailed than just the email address and included personally identifiable information.”
Verifications.io offered marketers the chance to “verify” email addresses, a common tactic deployed to do the work, which is often tedious and takes a long time. It involves manually sending out emails to see if they’re active or not.
The company, which is based in Estonia, sent out thousands of emails to verify addresses, usually with the only a message saying “hi.”
Once the addresses are verified, marketing companies will start emailing in earnest. It also puts people at risk for robo calls and phishing attacks, which will try to lure even more personal information out of people.