3/11/2019 In February 2019, a publicly accessible mongo database with no password for verifications.io was discovered. It is legal to download any and everything on that public database. Verifications.io is an email verification and marketing company that led to the exposure of one of its clients (MongoDB) database to the public. Importing ecoinvent database in ecospold format for mac. According to security researcher Troy Hunt, owner of HaveIBeenPwned, 35% of the data exposed by Verifications.io is new to his database. With that said, it was the second largest data dump added in terms of email addresses to Hunt’s website, which allows users to check whether their data has been exposed or breached.
- Verifications.io Database List
- Verifications.io Database Management
- Verifications.io Database Download
An email validation company that allowed marketers to verify the accuracy of their lists has leaked a massive amount of email accounts and additional Personally Identifiable Information (PII), in one of the largest data breaches ever recorded.
Cybersecurity researcher Bob Diachenko discovered an unsecured database that contained 982 million email accounts, paired with additional PII including people’s names, gender, dates of birth, employers, and home addresses. He then traced the source of the database back to the company Verifications.io, which has since removed the database, shut down their website, and apparently ceased to exist. The database of information could be accessed by anyone who knew where to look — no sophisticated hacking skills necessary.
Has Your Data Been Breached?
Verifications.io Database List
What’s disturbing about this latest mega breach is that no one, including security researchers, knows how it got there. Even fewer people have probably heard of the company involved.
Verifications.io Database Management
When cybercriminals get their hands on a database of emails and other personal information as large as this, it’s a feeding ground to launch phishing attacks and other campaigns that can lead to identity theft and fraud. All it takes is two pieces of PII for a bad actor to commit synthetic identity theft, resulting in your information being used to open new bank or credit accounts, commit tax fraud, or even obtain health insurance.
The time to protect yourself, your family, and your employees is now with the industry’s best identity theft protection. Get started with a Free Trial of IdentityForce.
Steve Turner
Steve, former Chief Information Security Officer (CISO) at Sontiq, the parent company of the IdentityForce, Cyberscout, and EZShield brands, has over 30 years of extensive experience managing security teams and continuous improvement initiatives around the security of IT systems, including disaster recovery, security, and PCI Compliance.
See All of Steve Turner's Posts
15-min Webinar | COVID-19 Scam Update — Insight and Tips for Eradicating Heightened Fraud Sontiq Alert | Microsoft Exchange Servers Hacked Download: Keys for Keeping Your Identity Safe During Tax Season
Identity Protection is a Tax Benefit
A new IRS ruling recognizes employer paid ID theft protection as a non-taxable, nonreportable benefit.
You can deduct this cost when you provide the benefit to your employees.
Download the IdentityForce App Today
IdentityForce has been protecting government agencies since 1995.Tweets by IdentityForce
Questions?
Call 1-877-694-3367Send us an emailLive ChatProtect What Matters Most.™IdentityForce is a leading provider of proactive identity, privacy and credit protection for individuals, businesses, and government agencies.
Subscribe to our Newsletter for Identity Theft Updates:
Thank you for signing up.
2019 already feels like it’s worlds away, but the data breaches many consumers faced last year are likely to have lasting effects. As we look back on 2019, it’s important to reflect on how our online security has been affected by various threats. With that said, let’s take a look at the biggest breaches of the year and how they’ve affected users everywhere.
Capital One breach
In late July, approximately 100 million Capital One users in the U.S. and 6 million in Canada were affected by a breach exposing about 140,000 Social Security numbers, 1 million Canadian Social Insurance numbers, 80,000 bank account numbers, and more. As one of the 10 largest banks based on U.S. deposits, the financial organization was certainly poised as an ideal target for a hacker to carry out a large-scale attack. The alleged hacker claimed that the data was obtained through a firewall misconfiguration, allowing for command execution with a server that granted access to data in Capital One’s storage space.
Facebook breach
In early September, a security researcher found an online database exposing 419 million user phone numbers linked to Facebook accounts. The exposed server was left without password protection, so anyone with internet access could find the database. The breached records contained a user’s unique Facebook ID and the phone number associated with the account. In some instances, the records also revealed the user’s name, gender, and location by country.
Collection #1 breach
Verifications.io Database Download
Last January, we met Collection #1, a monster data set that exposed 772,904,991 unique email addresses and over 21 million unique passwords. Security researcher Troy Hunt first discovered this data set on the popular cloud service MEGA, specifically uncovering a folder holding over 12,000 files. Due to the sheer volume of the breach, the data was likely comprised of multiple breaches. When the storage site was taken down, the folder was then transferred to a public hacking site, available for anyone to take for free.
Verifications.io breach
Less than two months after Collection #1, researchers discovered a 150-gigabyte database containing 809 million records exposed by the email validation firm Verifications.io. This company provides a service for email marketing firms to outsource the extensive work involved with validating mass amounts of emails. This service also helps email marketing firms avoid the risk of having their infrastructure blacklisted by spam filters. Therefore, Verifications.io was entrusted with a lot of data, creating an information-heavy database complete with names, email addresses, phone numbers, physical addresses, gender, date of birth, personal mortgage amounts, interest rates, and more.
Orvibo breach
In mid-June, Orvibo, a smart home platform designed to help users manage their smart appliances, left an Elasticsearch server (a highly scalable search and analytics engine that allows users to store, search, and analyze big volumes of data in real-time) online without password protection. The exposure left at least two billion log entries each containing customer data open to the public. This data included customer email addresses, the IP address of the smart home devices, Orvibo usernames, and hashed passwords, or, unreadable strings of characters that are designed to be impossible to convert back into the original password.
What Users Can Learn From Data Breaches
Data breaches serve as a reminder that users and companies alike should do everything in their power to keep personal information protected. As technology continues to become more advanced, online threats will also evolve to become more sophisticated. So now more than ever, it’s imperative that users prioritize the security of their digital presence, especially in the face of massive data leaks. If you think you might have been affected by a data breach or want to take the necessary precautions to safeguard your information, follow these tips to help you stay secure:
- Research before you buy.Although you might be eager to get the latest new device, some are made more secure than others. Look for devices that make it easy to disable unnecessary features, update software, or change default passwords. If you already have an older device that lacks these features, consider upgrading.
- Be vigilant when monitoring your personal and financial data. A good way to determine whether your data has been exposed or compromised is to closely monitor your online accounts. If you see anything fishy, take extra precautions by updating your privacy settings, changing your password, or using two-factor authentication.
- Use strong, unique passwords. Make sure to use complex passwords for each of your accounts, and never reuse your credentials across different platforms. It’s also a good idea to update your passwords consistently to further protect your data.
- Enable two-factor authentication. While a strong and unique password is a good first line of defense, enabling app-based two-factor authentication across your accounts will help your cause by providing an added layer of security.
- Use a comprehensive security solution. Use a solution like McAfee Total Protection to help safeguard your devices and data from known vulnerabilities and emerging threats.
Stay Up to Date
To stay on top of McAfee news and the latest consumer and mobile security threats, be sure to follow @McAfee_Home on Twitter, listen to our podcast Hackable?, and ‘Like’ us on Facebook.