Marketing company accidentally exposes 49 million personal data records
The marketing company Straffic has mistakenly exposed 49 million personal data records. The login details for one of the company's databases could be found online, which made it possible to view e-mail addresses, addresses, telephone numbers and other data.
Straffic said in a statement that a security vulnerability was found on one of the servers the company uses. According to Straffic, the vulnerability was fixed after its discovery, and there is no evidence that the data was misused. However, the statement contains no further details about what exactly went wrong.
More information comes from someone who goes by the name of 0m3n on Twitter. He had been receiving spam messages for a while and decided to look for the source. His search led him to a web server hosting a file that contained credentials for an Elasticsearch database owned by Straffic, he told Data Breach Today.
With the credentials he found, 0m3n was able to access the database and search 140GB of files. He found all kinds of personal information, such as people's names, addresses and phone numbers. The e-mail addresses and gender of the people included in the database could also be found.
Although Straffic indicates that there is no evidence that the data is being misused, the fact that 0m3n received spam messages for a while seems to prove the opposite. Beyond that, however, it is not clear who has had access to the data and who currently holds it.