1. April 2019
On this special day, April the 1st, I want to talk about the latest “news”.
In the past couple of days, the media were flooded with articles like “Email addresses of almost a BILLION people are leaked in one of the biggest data breaches ever”.
Although data breaches are very common these days, the report about the Verifications IO data breach is almost one month old.
The initial investigation into this email verification service started at the end of February, when Bob Diachenko, an independent cybersecurity consultant, discovered that a 150 GB MongoDB instance was sitting online completely unprotected. That means anyone online could access personally identifiable information with ease.
Vinny Troia, owner of NightLion Security, then joined Bob Diachenko to evaluate the scale of this breach.
Together they discovered over 808 million records in folders named “Emailrecords” (798,171,891 records), “emailWithPhone” (4,150,600 records) and “businessLeads” (6,217,358 records). After a couple of days, DynaRisk group added three additional databases to the mix, bringing the total number to 982,864,972 records.
So not exactly a billion, and not exactly people, but records. Be very careful when reading such news, because it is really easy to become misinformed. If you were one of the unfortunate users affected by this breach, look out for upcoming phishing emails. Usually, they land in your inbox months after the actual breach.
Consider this message a little reminder that the worst thing about this data breach is still to come. If, like Verifications IO, you “let your guard down” when a phishing email arrives, your chances of coming out of this hot water dry are very low.
Ironically, Verifications IO offered services for ‘Enterprise Email Validation’ and stored all uploaded emails in plain text. We can certainly learn from their mishaps and define the requirements that would keep your online privacy intact:
If you want to validate users and give your communication a classified channel, then look no further, because the StealthMail solution can offer you the four aforementioned qualities, if not more.
This email security solution verifies both parties, subjects your emails to modern encryption algorithms and keeps all critical data and keys on your own Azure cloud. StealthMail doesn’t disrupt your IT infrastructure, doesn’t require any learning experience and is available on desktop and mobile devices.
P.S. Remember that we can’t defeat the “human factor risk,” we can only minimize it.