The email addresses and personal information of 982 million people were compromised in a leak from an unsecured database.
The database belonged to Verifications.io, an “email validation service” that aggregates and sells information about the validity and personal data associated with email lists. Security researcher Bob Diachenko found the information in an unsecured 150GB-sized MongoDB database.
“This is perhaps the biggest and most comprehensive email database I have ever reported. Upon verification I was shocked at the massive number of emails that were publicly accessible for anyone with an internet connection. Some of the data was much more detailed than just the email address and included personally identifiable information (PII),” wrote Diachenko in a blog announcing his findings.
The leaked data consisted primarily of email addresses, but several million records also included owner names, social media account information, phone numbers, birthdates, and mailing addresses, as well as email server information, keywords to avoid in emails, and IP addresses to blacklist.
After confirming the data, Diachenko brought it to the company’s attention. Verifications.io initially took the database offline, but now appears to have ceased operations entirely.