Researchers find an open MongoDB database with 809 million personal data

Security researchers Bob Diachenko and Vinny Troia have discovered an unsecured, publicly accessible MongoDB database that contains a total of nearly 809 million email addresses and other plain-text data.

Researcher Bob Diachenko writes that on February 25, he found a MongoDB database containing 150GB of data, which was not protected by a password. He calls this “perhaps the largest and most comprehensive email database” he has ever reported.

It’s not just about email addresses, but also names, phone numbers and physical addresses. But that’s not all; also genders, ip addresses, dates of birth, mortgage information, interest rates are in the database. In addition, it also contains business information, such as data about the employees and turnover figures of all kinds of companies.

The unsecured database in question is owned by email marketing company Verifications.io and was immediately taken offline by the company after Diachenko reported it. This company does not send emails itself, but examines customer databases to ensure that the email addresses are valid. The company does this simply by sending people an email; if it arrives successfully, the email address will be validated in the database.

Wired writes that security researcher Troy Hunt has added the data from the company Verifications.io to his website Have I Been Pwned. According to him, 35 percent of the email addresses from the unsecured database are new to the HaveIBeenPwned database. This service can be used to check for leaked login details.