Verifications.io breach: Database with 2 billion records leaked

Verifications.io breach is one of the largest data breaches but the good news is that it does not involve passwords.

Another day, another data breach; this time the email validation service Verifications.io has leaked a humongous database containing personal and sensitive records of more than 2 billion individuals around the world.

Verifications.io breach – What happened

It all began on March 7, 2019, when Security Discovery’s researcher Bob Diachenko published a blog post reporting that he discovered an unsecured 150GB MongoDB database tracked back to Verifications.io containing more than 800 million (808,539,939) records.

See: MongoDB database exposes personal data of 66M users

Diachenko then teamed up with Troy Hunt of HaveIbeenPwned (HIBP)and after analyzing the database revealed that it contained sensitive details such as names, physical addresses, phone numbers, email addresses, date of birth, gender, employers, geographic location, IP address, and job titles.

Diachenko broke down the data as:

  • Emailrecords (count: 798,171,891 records)
  • emailWithPhone (count: 4,150,600 records)
  • businessLeads (count: 6,217,358 records)

Although the leaked data did not include passwords, Hunt on behalf of HIBP informed millions of victims through emails on March 10th, 2019. Diachenko, on the other hand, informed Verifications.io about the breach and since then Verifications.io domain has been offline.

Verifications.io breach: Database with 2 billion records leaked

Screenshot detailing the data (left) – Screenshot of the email sent by HaveIbeenPwned (right)

Leaked data is 2 billion not 800 million

While it was believed that the exposed data contained 800 million records, according to DynaRisk, a UK based cybersecurity company revealed that the actual leaked data is way more than previously anticipated. In fact, the company’s CEO Andrew Martin told SC Media that the MongoDB database actually exposed four databases not one and the actual amount of exposed data is 2 billion (2,069,145,043) not 800 million.

Martin further explained that their security researchers conducted their own investigations revealing that the compromised servers were set up in Miami while the size of the database was 196GB, not 150GB. What’s worse is that the other 3 databases contained additional user data including their characterizations credit scores, interest rate, personal mortgage amount, emails linked to their social media profiles on Facebook, Instagram and LinkedIn.

Read the entire story here:


Curated by Liquid Layer Networks

At Liquid Layer Web Hosting [LiquidLayer.net], we’ve made a shared web hosting platform that’s both feature-rich and easy to make use of. Our programmers have built up a custom Linux cloud web hosting platform plus an innovative Control Panel that perfectly takes advantage of its capabilities. After long hours of programming and bug fixing on our end, we are now capable to guarantee that all of our shared web hosting services are safe, virus-free, full of capabilities and very easy-to-work-with. In addition, they feature 99.9% server uptime as well as 99.9% network uptime warranties.

Powered by:

HostCheetah Networks
Global Web Hosting, Domain Registration, and Internet Services
https://hostcheetah.net | http://hostcheetah.uk


PC Helper | Est 1996 - Web Hosting | US, AU, UK, Finland, Bulgaria | :sunglasses:
https://pchelper.com