Security researchers Bob Diachenko and Vinny Troia have discovered an unsecured, publicly accessible MongoDB database containing almost 809 million e-mail addresses and other data in plain text.
Researcher Bob Diachenko writes that on 25 February he found a MongoDB database with 150GB of data that was not protected by a password. He calls this ‘perhaps the largest and most comprehensive e-mail database’ he has ever reported on.
The database contains not only e-mail addresses but also names, telephone numbers, and physical addresses. It also holds sex, IP addresses, birth dates, mortgage information, and interest rates. In addition, there is business information, such as data about the employees and turnover figures of all kinds of companies.
The unsecured database belongs to e-mail marketing company Verifications.io, which took it offline immediately after Diachenko reported it. This company does not send e-mails itself but examines customer databases to ensure that the e-mail addresses are valid. It does this simply by sending people an e-mail; if the message arrives correctly, the e-mail address is marked as valid in the database.
Wired writes that security researcher Troy Hunt has added the Verifications.io data to his website Have I Been Pwned. According to him, 35 percent of the e-mail addresses from the unsecured database are new to the Have I Been Pwned database. This service can be used to check for leaked login data.