The personal data of nearly one billion people are exposed online because of the terrible practices of a marketing company that apparently has disappeared without a trace since the incident, reported the authors of the book ‘Learn ethical hacking’ and experts from the International Institute of Cyber Security (IICS).
According to reports, about 980 million email
addresses are exposed, so the authors of ‘ Learn ethical hacking’ consider one
of the largest and most extensive data
breaches to be registered. Compromised information includes full names,
date of birth, genders and social media account information, etc.
A cybersecurity investigation discovered the
massive database exposed online without any kind of protection. According to
the authors of ‘Learn ethical hacking’, the database was created by a company
called Verifications.io, which offered business email validation services.
After the incident was known, Verifications.io
website was shutdown and no representative of the company issued a single
statement. There is not much information about this company; in addition, it is
believed that its operators work in anonymity due to the dubious tactics they
employ.
Bob Diachenko, specialist in finding exposed
databases, was the one who reported to the administrators of the site of Verificatios.io on
the massive exposure of data; hours later, the company’s website was offline.
It is still unknown if any malicious user
managed to access the exposed database, although this possibility should not be
ruled out, considers the expert. Diachenko added that the passwords and payment
card details were not exposed, although it is possible to find some financial
details of the exposed users, such as annual revenues, workplaces, types of
cards, etc. Diachenko concluded by saying, “maybe this is the biggest
database I’ve ever reported”.
Usually, marketing companies work with
verification services like the one offered by Verifications.io to
send massive emails to huge email lists that require validation, that is to
say, whether they are active or even real.
These types of security incidents are
especially dangerous for victims, as they expose them to an increased risk of spam
campaigns, unwanted calls, or even identity fraud.
