Breach Brief – Verifications.IO Exposes 2B Records!
Data has become like so much air. It’s everywhere. With that being said we’d like to report that Verifications.IO has dropped another 2 billion on us.
The company is an email verification service used by marketers. Marketers provide Verifications.IO with email addresses to screen and validate before launching an email marketing campaign. Apparently Verifications.io has been collecting public contact information and private financial data for customer profiles. This includes mortgage data and credit score information.
There is no evidence that the records were actually stolen or used by criminals. Instead the records were found sitting in a data base, unsecured, unencrypted, and available to anyone.
Bleeping Computer reported that an unprotected MongoDB database was discovered by security researcher Bob Diachenko. Diachenko determined the data was new and not from a previous breach and traced the data back to Verifications.IO
While researchers found no evidence passwords or social security numbers were compromised in the data breach information contained in the data breach include;
Email addresses connected to social media profiles
Date of birth
Mortgage amounts and interest rates
Estimates of credit scores
Security researcher Bob Diachenko, says that “although not all records contained the detailed profile information about the email owner, a large amount of records were very detailed.”
At the time of this report Verifications.IO was offline with no information when the site would return.