Whether it’s accidental or an intentional attack by hackers, database leaks are the worst scenarios for any organization. Apart from lawsuits, data breach incidents trouble the companies in many ways – they impact brand image, cause lost business from clients, a decline in customer base, and lead to potential phishing attacks.
Recently, security researchers at Cybernews discovered an unprotected database, that belongs to marketing automation platform provider Maropost Inc., exposing email records of over 95 million individual customers. The researchers said the exposed database included more than 19 million unique email records belonging to over 10,000 clients, including The New York Post, Hard Rock Cafe Inc., Shopify Inc., Fujifilm Holding Corp., and Mother Jones. The leaky database is hosted on Google Cloud server located in the U.S. The database also included email logs of Maropost’s marketing campaigns.
Soon after the discovery, the researchers notified Maropost about the database leak. It’s unclear how long the data was exposed online and if any malicious actors have accessed it. However, according to the researchers, the database is now secure and no longer accessible.
Potential Threats from Data Leaks
Maropost’s data leak has threats involved as attackers might take advantage of the sensitive information and could launch targeted phishing attacks, engage in account takeover fraud, or even sell the stolen data on the dark web. Hackers could blackmail Maropost’s clients by threatening to hand over their marketing lists to the competitors, spam email IDs, or brute-force the passwords of the exposed email addresses.
In its similar breach discovery, CyberNews found an unsecured database comprising of over 800 GB of personal records of more than 200 million Americans. According to the research team, the owner of the unprotected database is untraceable. It’s believed that the exposed data may have originated from the U.S. Census Bureau. Based on the data structure, it’s suspected that the database belonged to a data marketing company or a credit company. The research team stated that they were unable to track the owner of the leaky database and opined that the unidentified party might be an ethical hacker who simply deleted the data to prevent cybercriminals from taking advantage of it.