An Email Marketing Company Left 809 Million Records Exposed Online

By this point, you've hopefully gotten the message that your personal data can end up exposed in all sorts of unexpected internet backwaters.

Last week, security researchers Bob Diachenko and Vinny Troia discovered an unprotected, publicly accessible MongoDB database containing 150 gigabytes of detailed, plaintext marketing data, including 763 million unique email addresses. The trove is not only massive but also unusual; it contains data about individual consumers as well as what appears to be "business intelligence data," like employee and revenue figures from various companies. The database, owned by the "email validation" firm Verifications.io, was taken offline the same day Diachenko reported it to the company.

Instead, they vet a customer's mailing list to ensure that the email addresses in it are valid and won't bounce back.

But fully verifying that an email address works involves sending a message to the address and confirming that it was delivered, essentially spamming people. Mainstream email marketing firms often outsource this work rather than take on the risk of having their infrastructure blacklisted by spam filters, or lowering their online reputation scores.

"Companies have email lists and want to start emailing them, but they're not sure how valid they are," says Troia, who founded the firm Night Lion Security. "So they go to a company that will essentially send out spam." Troia speculates, but has not confirmed, that the database may be so large and varied because it comprises all of Verifications.io's customers' data.

People's personal information is shared by massive companies like Facebook, bought and sold by shady marketers, or stolen from data giants and doomed to circulate endlessly in the purgatory of criminal forums. The churn makes it difficult for consumers to control who has their data and where it ends up.

Original article
Author: Wired
