DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

That marketing email database that exposed 809 million contact records? Maybe make that two-plus BILLION. (UPDATED: No, don’t. Those claims are not supported)

Posted on March 8, 2019 by Dissent

Update 1:  Vinny Troia contacted me to question DynaRisk’s claims.  He informs this site that he has all four databases,  has all of the data that is in the Dynarisk screenshots,  and there is nowheres near 2 billion records.  So it seems that this questions is unsettled as yet. DataBreaches.net will be contacting Dynarisk.

Update 2: I’ve sent an inquiry to DynaRisk, but more significantly, I found that this leak had first been discovered and reported  prior to Security Discovery’s report. @Cyber_War_News reported finding it in January. In a chat with @Cyber_War_News this morning, he informed me that there were more than four databases and that they were hosted on a number of IP addresses or servers. While he didn’t run a full analysis of the data, he informs me that there were closer to 2 billion records than 800 million, and that he had notified Bob Diachenko of that after Bob’s report appeared.

So for now, it seems like the larger figure is more likely to be correct.

Update 3 and Correction:  DynaRisk never responded to inquiries from this site, and Vinny Troia sent this site additional statistics and directory structure supporting their claim that there are about 809 million records.  As to CWN, I had misunderstood what leak he was talking about. My apologies to everyone involved.


Original post, which I’m tempted to just delete as inaccurate, but will leave it here with the correction above.

Thomas Claburn reports:

An unprotected MongDB database belonging to a marketing tech company exposed up to 809 million email addresses, phone numbers, business leads, and bits of personal information to the public internet, it emerged yesterday.

Today, however, it appears the scope of that security snafu was dramatically underestimated.

According to cyber security biz Dynarisk, there were four databases exposed to the internet – rather than just the one previously reported – bringing the total to more than two billion records weighing in at 196GB rather than 150GB. Anyone knowing where to look on the ‘net would have been able to spot and siphon off the data, without any authentication.

Read more on The Register.

Category: Business SectorExposureOf Note

Post navigation

← Algonquin College faculty union files grievance over data breach
Tufts expelled a student for grade hacking. She claims innocence →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • A state forensics lab was leaking its files. Getting it locked down involved a number of people.
  • CoinMarketCap Hacked, Scrambles to Remove Malicious Wallet Verification Popup
  • Montana Attorney General launches investigation into Lee Enterprises data breach
  • AT&T gets preliminary approval for $177 million data breach settlement
  • Aflac notifies SEC of breach suspected to be work of Scattered Spider
  • Former JBLM soldier pleads guilty to attempting to share military secrets with China
  • No, the 16 billion credentials leak is not a new data breach — a wake-up call about fake news (Updated)
  • Tonga’s health system hit by cyberattack (1)
  • Russia Expert Falls Prey to Elite Hackers Disguised as US Officials
  • Proposed class action settlement in In re Netgain Technology litigation

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • The Markup caught 4 more states sharing personal health data with Big Tech
  • Privacy in the Big Sky State: Montana’s Consumer Privacy Law Gets Amended
  • UK Passes Data Use and Access Regulation Bill
  • Officials defend Liberal bill that would force hospitals, banks, hotels to hand over data
  • US Judge Invalidates Biden Rule Protecting Privacy for Abortions
  • DOJ’s Data Security Program: Key Compliance Considerations for Impacted Entities
  • 23andMe fined £2.31 million for failing to protect UK users’ genetic data

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.