found an unprotected server exposing online 4 MongoDB databases belonging to the email validation

A new mega leak made the headlines: an unprotected MongoDB database (150GB) belonging to a marketing company exposed up to 809 million records. The archive includes 808,539,849 records containing:

  • emailrecords = 798,171,891 records
  • emailWithPhone = 4,150,600 records
  • businessLeads = 6,217,358 records

The records contain email addresses, phone numbers, business leads, and other personal information. Initially, only one unprotected database was discovered, but the situation is worse than initially thought because cyber security firm Dynarisk announced that there were four databases exposed online.
Source The Register

The four databases were hosted on the same server, which was exposed to the Internet. The original discovery was related to the database named “mainEmailDatabase”; the server is no longer accessible.

Security experts have revealed that there are more than 2 billion records weighing in at 196GB.

“As a result, 2,069,145,043 records (made up of both individual consumers and businesses) have been leaked, accessible to anyone with the know-how to find it,” reads the post published by Dynarisk.

“Four databases were leaked, totaling over 196 gigabytes of personal and professional information suitable for cyber criminals to launch attacks.”

The huge trove of information is a gift for threat actors, who can use it to carry out several malicious activities, including phishing campaigns, scams, telephone push payment fraud, and Business Email Compromise.

According to Dynarisk, the databases were operated by Verifications.io, which provides email validation; at the time of writing the website is offline.

The good news is that the archives don’t include financial data, medical records or other sensitive information. The company claims the data was “built with public information, not client data,” but this declaration doesn’t provide us further information about the company’s compliance with current privacy regulations.

Pierluigi Paganini

(SecurityAffairs –, Data Leak)
