Security experts uncovered a 150 GB database exposed online last week. Information leaked from Verifications.io, the company that validates email for email marketing companies. There are more than 800 million records on display, ranging from names, emails, addresses and phones, to social networking credentials, and consumer credit and business finance information.
READ: Millions of Internet passwords leak and go for sale; understand case
According to researchers Bob Diachenko and Vinny Troia, until last week the data could be accessed by anyone. Since then, the Verifications.io site has been taken down. The information has been assimilated to the Have I Been Pwned bank, where individuals can verify that their credentials have been exposed online. This is the second largest collection added to the site: 35% of the 763 million emails leaked were from Have I Been Pwned.
Email checker database exposes victims' credit status from passwords Photo: Pond5
Want to buy a cell phone, TV and other discounted products? Meet the Compare dnetc
The data package surprised those responsible for the discovery not only for its massive size, but also for the unusual level of detail in some records. In addition to standard personal information, many contain gender, date of birth, mortgage amount, interest rate, people's credit scores, Facebook, LinkedIn, and Instagram accounts. Other items in the collection seem to be sales and business related: company names, annual revenue, fax number, corporate websites, and industry identifiers.
Validators like Verifications.io are little known, but they play a key role in the email marketing market. They do not campaign or bulk message. Its function is to help platforms that do this check the validity of their email address lists by finding out which ones are valid. Vinny Troia suspects that the database is so large and varied because of this, since it would be information sent by clients.
Verifications.io, leaked service, an email validation company Photo: Reproduction / Security Discovery
The firm, however, denies and says the records were public and the bank has already been protected. Indeed, there are indications that much of it was already publicly available, but it is unclear how much of the data was indicated. They have been entered into Have I Been Pwned, a service that allows users to check if they have already had compromised information. Of the 763 million unique emails, 35% are new to the collection. It is also worth noting that this is the second largest collection ever added to the site.
It is not known if anyone accessed the data, but it is certain that they were vulnerable. There were no passwords or document numbers in the leak either, however, digital security experts warn of the high risks of exposing structured information like this. They can make it easier for malicious hackers to apply social engineering scams.
There are several websites that show whether your password or other data has already been leaked on the Internet. Google has recently launched an extension for Chrome that warns if the exposure happens.
How to recover Facebook password? Find out on the dnetc Forum.
What ransomware: five tips to protect yourself