An Email Marketing Company Left 809 Million Records Exposed Online

By this point, you've hopefully gotten the message that your personal data can end up exposed in all sorts of unexpected internet backwaters.

Last week, security researchers Bob Diachenko and Vinny Troia discovered an unprotected, publicly accessible MongoDB database containing 150 gigabytes of detailed, plaintext marketing data, including 763 million unique email addresses. The trove is not only massive but also unusual; it contains data about individual consumers as well as what appears to be "business intelligence data," like employee and revenue figures from various companies.

The database, owned by the "email validation" firm Verifications.io, was taken offline the same day Diachenko reported it to the company.

Instead, they vet a customer's mailing list to ensure that the email addresses in it are valid and won't bounce back.

But fully verifying that an email address works involves sending a message to the address and confirming that it was delivered, essentially spamming people. Mainstream email marketing firms often outsource this work rather than take on the risk of having their infrastructure blacklisted by spam filters, or lowering their online reputation scores.

"Companies have email lists and want to start emailing them, but they're not sure how valid they are," says Troia, who founded the firm Night Lion Security. "So they go to a company that will essentially send out spam." Troia speculates, but has not confirmed, that the database may be so large and varied because it comprises all of Verifications.io's customers' data.

People's personal information is shared by massive companies like Facebook, bought and sold by shady marketers, or stolen from data giants and doomed to circulate endlessly in the purgatory of criminal forums. The churn makes it difficult for consumers to control who has their data and where it ends up.

Original article
Author: Wired
