Taken offline after admins were notified

Sep 18, 2018 10:47 GMT

On September 17, security researcher Bob Diachenko found a publicly accessible MongoDB database containing 43.5 GB of data and 10,999,535 Yahoo e-mail addresses.

Among other details, each record contained in the database included an e-mail address, the full name and gender, and other sensitive personal data such as the city and zip code, together with a physical address.

More importantly, besides the e-mail address, the database also had information about the status sent by the mail server when contacted, detailing whether the message was delivered or the server rejected the e-mail.

As Diachenko discovered, the database had been online and exposed since September 13, when the Internet-connected device search engine indexed it, with a "compromised" tag and a 0.4 BTC ransom note.

The exposed database was found to be connected with the Coupons.com-powered SaverSpy service

The weird part is that, although the database had been successfully breached and the bad actors were asking its owners for ransom, it was not encrypted when the researcher accessed it.

The exposed database did not come with any hints about who owned the leaked data, but Diachenko found clues that the records could have been used as part of an e-marketing campaign run by SaverSpy, a website known for dealing with offers from Coupons.com.

Diachenko contacted both organizations found to be related to the exposed e-marketing database and, despite not receiving an answer from either of them, the database was taken offline soon after his contact attempts.

Even though Diachenko did not find any payment card data or phone numbers, the e-mail addresses and the e-mail status fields on each of the 11 million leaked records are a dream come true for scammers, phishers, and spammers, with a broad array of attack vectors.    
