In February 2019, a publicly accessible mongo database with no password for verifications.io was discovered. It is legal to download any and everything on that public database. This breach has exposed:
Compromised accounts: 763,117,241
Compromised data: Dates of birth, Email addresses, Employers, Genders, Geographic locations, IP addresses, Job titles, Names, Phone numbers, Physical addresses
This breach did not have passwords, this service was a paid service for verifying mailing lists. You upload a list and they send an email to the everyone on the list and it verifies if the email exists by simply looking at bounce backs. It’s a very simple service. There is a significant amount of personal information which is concerning. The write up suggests not all email addresses had all the types of data.
The size of this breach is coincidentally the same size as the last breach we spoke about; but this breach appears to be unique and certainly has a new set of accounts.
Just because the white hat security researchers were only able to find personal information, this doesn’t mean that the passwords were in another database that hackers had found in the years prior. Password resets are still recommended.
However, the good guys properly reported the security issue to verifications.io took quick action and is completely offline now. Check out this archive of their website: https://web.archive.org/web/20190227230352/https://verifications.io/
There is question about the age of the data. The data appears to be many years old.