Unprotected MongoDB database exposes 763M unique email addresses, ‘business intel’

Share has taken down an unprotected MongoDB database found by researchers last week to contain 150GB-worth of plaintext marketing data including 763 million unique email addresses and various corporations’ revenue data.

“This is perhaps the biggest and most comprehensive email database I have ever reported. Upon verification I was shocked at the massive number of emails that were publicly accessible for anyone with an internet connection,” Security Researcher Bob Diachenko wrote in a blog post detailing his find. “Some of data was much more detailed than just the email address and included personally identifiable information (PII).”, the owner of the database, pitches itself as an “enterprise email validation” provider. “Unfortunately, it appears that once emails were uploaded for verification they were also stored in plain text,” said Diachenko, who said the company took the database offline immediately after he reported it.

“The data exposed in this leak of nearly 809 million records is unique, and highly exploitable since it includes business intelligence data such as employee and revenue figures from various companies, as well as genders, user IP addresses, email addresses, dates of birth and more,” said Chris DeRamus, CTO at DivvyCloud. “If a bad actor were to discover this massive trove of data, they could easily validate the contact information for the users included to launch a more focused phishing or brute force campaign.”

Noting that “data is king—collecting, storing and leveraging data is essential to running just about any type of business you can think of,” DeRamus urged organizations to “be diligent in ensuring data is protected with proper security controls.”

Dtex Insider Threat Intelligence Team Manager Armaan Mahbod said 98 percent of assessments that were run “for the Dtex 2019 Insider Threat Intelligence Report detected incidents of data left exposed in the cloud because of human error, which is one of the most common forms of insider threat taking place within the public and private sectors today.” The reason these leaks occur time and again, Mahbod said, is “negligence, lack of training, misunderstanding of how to password protect cloud services, and an inability to see how users are interacting with data.”

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.