Yet another massive database was found open and unprotected online. Owned by Maropost an email delivery and marketing firm its clients include the New York Post, Shopify Inc., Fujifilm Holding Corp., Hard Rock Cafe Inc. Mercedes-Benz, Shop.com, and Mother Jones among others. . According to CyberNews.com the data base contained about 95 million customer records.
Included in the 95 million records were more than 19 million unique email records belonging to about 10,000 clients.
Researchers at CyberNews discovered the unprotected database in early February. Marketing logs containing the relevant metadata for these emails exposed the exact date and time the emails were sent, who sent them and to whom. The database was found a Google Cloud server.
Maropost seemingly ignored attempts by CyberNews researchers to inform the company of the breach for two months. It was not until federal authorities got involved that Maropost acted. CyberNews researchers informed the Cybersecurity and Infrastructure Security Agency at the U.S. Department of Homeland Security of the data breach.
Maropost did eventually respond with an email from Chief Executive Officer Ross Andrew Paquette. Paquette claimed the email addresses in the database were randomized data the company used for external testing. Researchers learned differently as their tests showed the emails were real and deliverable.