Database with 11 Million Email Records Exposed (Security Breach)

21 Sep

More than 11 million records of customer database have been discovered unprotected last Monday. The data includes personal credentials and sensitive information. The hosting infrastructure from Grupo-SMS USA, LLC was providing data from MongoDB. Anybody who can find the path to it could easily it.

The independent security researcher, Bob Diachenko found this information with the help publically available tools for scanning the Internet. The research showed that on September 13, the dataset was last indexed by Shadon search engine. It is unknown that for how much time it was available for access before September 13. The depth analysis shows that there was data collection was 43.5 GB large and contained more than 10.999.535 email address. All these emails were from Yahoo. The data also hold name, addresses, ZIP code, State, Residence etc.

Using these types of data, the cyber-criminals can boost their shady business and illegal activities. They can scam through bogus tech support service, botnet herders, crypto-mining, spam email campaigns, malware attacks and so on.

A sample shared by Diachenko shows that many records were of the users of SaverSpy website that provides digital discounts and printable for a wide variety of products. SaverSpy works as an affiliate program and provides offers and coupons for which is website of “Quotient Technology”. When asked to “Quotient” about this security breach, the company said that there is no breach from their end.

The privacy-policy page of SaverSpy says that the website collects user’s information such as name, address, phone number, Email ID , geographical location when user register on the website. Interestingly, there is no sign-up option on the website but there is  a subscribe option through Email ID.

Database Unreachable but Others had Access

In a blog post today, the researchers writes that the database was tagged as “Compromised” in Shodan and the owner was demanded to pay 0.4 BTC as ransom. However, the information was intact hence it could be assumed that this was a failed attempt as the scripts didn’t worked properly.

Leave a Reply