Verifications.io
TypePrivate
IndustryEmail marketing
DefunctMarch 25, 2019 (2019-03-25)
FateData breach
HeadquartersTallinn, Estonia (listed)
Boca Raton, Florida (alleged)
Area served
Worldwide

Verifications.io is a defunct email-focused technology firm whose primary practice was to validate email addresses for email marketing platforms. The company's platform allowed for email marketing firms to submit lists to the company, which would verify the lists for valid email addresses.

Verifications.io shut down in 2019 due to a major data breach, which was reported by some sources to be among the largest in recorded history. The total records within the company's largest single data release was 809 million records, 763 million of which were unique, though the total number of records which were exposed in three additional database leaks from the company would total to over 2 billion records breached.[1]

Operations and company history

Verifications.io offered its clients services which could verify if emails were bounced, or were otherwise inactive, thereby helping email marketers send emails to actual users rather than random email addresses. The firm achieves its verifications by internal servers, which are matched with client records uploaded to the service for their verification. The firm verifies each email by sending a message to each address; if the message does not bounce, the firm considers it verified. Bounced emails are stored on a list which the firm can refer to in the event the same email is presented again.[2]

Verifications.io officially claims to be an Estonian company based out of Tallinn, though many press filings released from and about the company suggested that it was based out of Boca Raton, Florida.[3]

2019 data breach

The first Verifications.io data breach ultimately led to 763 million unique records being exposed to the web, with 809 million if counting duplicated records.[4] The breakdown of the records was 798,171,891 email records; 4,150,600 phone records, and 6,217,358 business lead records. Each record also had the possibility of including a zip code, a physical address, an IP address, a name, a birthday, and the gender of the user.[2] The poor security of the information was credited to a MongoDB file which was not password protected, allowing anybody to access the information with the correct link.[2]

Troy Hunt, the founder of Have I Been Pwned?, has predicted that approximately 35 percent of all records is new to the Have I Been Pwned? database; as of the leak, the Verifications.io breach is the second largest breach added to Have I Been Pwned? after Hunt's own Collection No. 1.[5][6] Many cybersecurity companies showed immediate concern that the data released in the breach could be used for social engineering attacks. Daniel Markuson, the blog editor for the online privacy firm NordVPN, raised concerns that 1 in 9 people in the world could be the targets of a social engineering campaign.[7] McAfee additionally highlighted the databases' possibility to foster social engineering attacks against those whose information was exposed in the database.[5]

According to UpGuard, the first data breach alone ranks as the third largest data breach in history from a single company, falling short only to the Aadhaar data breach and the Yahoo data breach.[8]

The UK security firm DynaRisk however stated that Verifications.io was also linked to three other MongoDB data breaches. All four data breaches combined would total the number of records exposed to over 2 billion. DynaRisk further stated that the three other data breaches contained much more sensitive information, such as interest rates, mortgage amounts, Instagram and LinkedIn profiles linked to leaked emails, and credit scores.[9][10] Cybersecurity professional Bob Diachenko stated that while not every single record contained all the mentioned types of information, a large number of them were "very detailed".[11]

Response from the company

Diachenko emailed the company about the data breach, which responded by stating it was taking "appropriate measures" to correct the breach. By March 4, 2019, the website for the company was taken down.[3] By March 15, MediaPost reported that Verifications.io was out of business.[12]

References

  1. "Verifications.io breach: Database with 2 billion records leaked". 2019-03-11. Retrieved 2023-09-07.
  2. 1 2 3 Diachenko, Bob (2019-03-07). "800+ Million Emails Leaked Online by Email Verification Service". securitydiscovery.com. Retrieved 2023-09-07.
  3. 1 2 Schwartz, Mathew J. (March 11, 2019). "Breach of 'Verifications.io' Exposes 763 Million Records". www.bankinfosecurity.com. Retrieved 2023-09-07.
  4. Hay Newman, Lily. "An Email Marketing Company Left 809 Million Records Exposed Online". Wired. ISSN 1059-1028. Retrieved 2023-09-07.
  5. 1 2 McAfee (2019-03-08). "809 Million Records Left Exposed: How Users Can Protect Their Data". McAfee Blog. Retrieved 2023-09-07.
  6. Newman, Lily Hay. "An Email Marketing Company Left 809 Million Records Exposed Online". Wired. ISSN 1059-1028. Retrieved 2023-09-07.
  7. Markuson, Daniel (2019-03-08). "What you need to know: 1 out of 9 people just got breached". nordvpn.com. Retrieved 2023-09-07.
  8. Ghosh, Dipayan (2020). Terms of Disservice: How Silicon Valley Is Destructive by Design. Brookings Institution Press. doi:10.7864/j.ctvbnm3mc.7. ISBN 978-0-8157-3765-0.
  9. "Verifications.io breach: Database with 2 billion records leaked". 2019-03-11. Retrieved 2023-09-07.
  10. Winder, Davey. "(Updated) 2 Billion Unencrypted Records Leaked In Marketing Data Breach --What To Do Next". Forbes. Retrieved 2023-09-07.
  11. Huskerson, Tom (2019-04-10). "Breach Brief - Verifications.IO Exposes 2B Records!". On Tech Street. Retrieved 2023-09-07.
  12. "Email Vendor Verifications.io Seems To Be Out Of Business Following Breach". www.mediapost.com. Retrieved 2023-09-07.

Official website, archived on February 17, 2019, from the original

This article is issued from Wikipedia. The text is licensed under Creative Commons - Attribution - Sharealike. Additional terms may apply for the media files.