1. TechSpot is dedicated to computer enthusiasts and power users. Ask a question and give support. Join the community here.
    TechSpot is dedicated to computer enthusiasts and power users.
    Ask a question and give support.
    Join the community here, it only takes a minute.
    Dismiss Notice

A shady email marketing company left 800 million email address exposed online, then disappeared...

  1. When companies want to send out marketing material to a large email list, the first thing they do is validate the list to make sure the addresses on it are real. This is difficult to do because it usually involves sending a real email to everyone on the list and checking to see if any messages bounce. Because of this difficulty and spam filters, marketing campaigns usually outsource this type of verification to third parties.

    Verifications.io was one of these such companies and their massive database was just discovered online. Security researchers Bob Diachenko and Vinny Troia found the MongoDB instance and were surprised at both its size and contents. In addition to email addresses, it also contained large amounts of personally identifiable information (PII), business analytics data, credit ratings, social media accounts, and more.

    Most of the data in this list is generally publicly available, but aggregating a collection of it together can be used for many nefarious purposes. For example, if an attacker wants to break into a company, he can use the list to search for likely password matches or gain other information useful social engineering.

    The researchers were interviewed by Wired for an in-depth article on the issue. They aren't sure if the list was accessed by anyone else, but it was certainly available to anyone on the internet. The data has been added to the HaveIBeenPwned database which can be used to see if your data was affected. It's always a good idea to check this service periodically and change any passwords associated with accounts that come up as pwned in the database.

    Not much is known about Verifications.io since these companies often employ shady spam tactics to verify their email lists. After the database was discovered, their website had been taken down and they were unavailable for comment.

    Permalink to story.

     
  2. wiyosaya

    wiyosaya TS Evangelist Posts: 4,131   +2,420

    Is there such a thing as an e-mail marketing company that is not shady?
     
  3. gamoniac

    gamoniac TS Evangelist Posts: 360   +103

    I can't find the name of the email marketing company in this article. As a news site, I find this lack of info for verification a bit disappointing.
     

Add your comment to this article

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...