An Email Marketing Company Left 809 Million Records Exposed Online

By this point, you've hopefully gotten the message that your personal data can end up exposed in all sorts of unexpected internet backwaters.

Last week, security researchers Bob Diachenko and Vinny Troia discovered an unprotected, publicly accessible MongoDB database containing 150 gigabytes of detailed, plaintext marketing data, including 763 million unique email addresses. The trove is not only massive but also unusual; it contains data about individual consumers as well as what appears to be "business intelligence data," like employee and revenue figures from various companies. The database, owned by the "email validation" firm Verifications.io, was taken offline the same day Diachenko reported it to the company.

Instead, they vet a customer's mailing list to ensure that the email addresses in it are valid and won't bounce back.

But fully verifying that an email address works involves sending a message to the address and confirming that it was delivered, essentially spamming people. Mainstream email marketing firms often outsource this work rather than take on the risk of having their infrastructure blacklisted by spam filters, or lowering their online reputation scores.

"Companies have email lists and want to start emailing them, but they're not sure how valid they are," says Troia, who founded the firm Night Lion Security. "So they go to a company that will essentially send out spam." Troia speculates, but has not confirmed, that the database may be so large and varied because it comprises all of Verifications.io's customers' data.

People's personal information is shared by massive companies like Facebook, bought and sold by shady marketers, or stolen from data giants and doomed to circulate endlessly in the purgatory of criminal forums. The churn makes it difficult for consumers to control who has their data and where it ends up.

Original article
Author: Wired
