The breach was discovered when two security researchers – Bob Diachenko and Vinny Troia – found a publicly accessible and unsecured database owned by an email marketing company called Verifications.io. The database was taken offline the same day that the researchers contacted the company, but it is still unclear who else might have accessed the data.
Who are Verifications i.o?
Verifications.io is a company that approves or verifies email addresses for third parties. They ensure that third-party email marketing campaigns are delivered to verified email accounts instead of fake ones.
Here’s the potential damage:
- 763 million unique email addresses
- Names, phone numbers, physical addresses, and other sensitive data
- Mortgage information
- Online account names
- Specific data about individual consumers
- Business intelligence consisting of the emails, wages, and other information of employees at various companies
There may be more – analysts are still sifting through the data to identify the most serious potential threats.
Why is this a problem?
From blackmail and corporate espionage to identity theft, the data in this trove can be exploited by hackers and unscrupulous competitors in countless ways. In the coming weeks, analysts will be keeping a close eye on every corner of the internet to see if any of the data from the server is offered up for sale anywhere – or whether it is used to perform any attacks.
The data present in this database would be invaluable to hackers wanting to perform highly effective social engineering attacks.
What can you do to stay safe?
It’s very difficult to predict exactly what sort of threat this breach could present to you because of the different types of data exposed. Here are some tips:
- Watch out for unexpected communications: If you receive any unexpected communications via email, SMS, regular mail, social media, or elsewhere, be extra skeptical. With so much information, hackers will have a very easy time posing as people or services that you trust. Check the URL of any links you click on, the email addresses of any emails you receive, etc. If someone contacts you asking for money or to otherwise put your data at risk, try contacting that person through a different channel to see if that message really came from them. Remember: a message isn’t legitimate just because it contains your private data. This is a common tactic that scammers use to try to get even more information out of you.
- Change your most sensitive passwords: A great move would be to rank your accounts from most sensitive to least sensitive and change their passwords. As far as researchers can currently tell, no passwords were leaked. However, some of the information could be used by hackers to pretend they’re you and retrieve your password. Therefore, beat them to the punch by changing your passwords. Banks can also put your account on a watch list to temporarily freeze your money if they see suspicious activity. If you think your data may be at risk, notifying your bank would be a minor inconvenience that will go a long way towards keeping you secure. In the future, be sure to use this tool to check if your password hasn’t been breached. If you need help coming up with a random password, you can also use this strong password generator.
IMPORTANT: Due to the size and scope of this breach, we will update this post as more information becomes available. For now, we suggest you remain vigilant and read our article on social engineering to learn about the strategies that hackers and scammers might use to capitalize on this massive breach.
Want to read more like this?
Get the latest news and tips from NordVPN.