800+ Million Emails Leaked Online by Email Verification Service
Found on Security Discovery on Friday, 08 March 2019
On February 25th, 2019, I discovered a non-password protected 150GB-sized MongoDB instance. This is perhaps the biggest and most comprehensive email database I have ever reported.
In addition to the email databases this unprotected Mongo instance it also uncovered details on the possible owner of the database – a company named ‘Verifications.io’ – which offered the services of ‘Enterprise Email Validation’. Unfortunately, it appears that once emails were uploaded for verification they were also stored in plain text.
Verifications.io seems to be down and gone now. Nothing to be sad about, because it looks like all they did was to spam the submitted email address with pointless mails to filter out those which are dead. So, more like a tool for spammers than for legit business people.