Last week, security researchers discovered an unprotected, publicly accessible MongoDB database containing 150 gigabytes of detailed, plaintext marketing data—including 763 million unique email addresses.
The trove is not only massive but also unusual; it contains data about individual consumers as well as what appears to be “business intelligence data,” like employee and revenue figures from various companies. In general, the 809 million total records in the trove include standard information like names, email addresses, phone numbers, and physical addresses. But many also include things like gender, date of birth, personal mortgage amount, interest rate, Facebook, LinkedIn, and Instagram accounts associated with email addresses, and characterizations of people’s credit scores (like average, above average, and so on).
The data doesn’t contain Social Security numbers or credit card numbers, and the only passwords in the database are for Verifications.io’s own infrastructure. Overall, most of the data is publicly available from various sources, but when criminals can get their hands on troves of aggregated data, it makes it much easier for them to run new social engineering scams, or expand their target pool.
Read more at WIRED.