Yet another major data breach - Verifications.io

Red Squirrel

Never even heard of them but apparently they had my info including physical addresses (got an email from haveibeenpwned)... Guess this is kinda like Equifax where you're a customer even if you never asked to be one.

In February 2019, the email address validation service verifications.io suffered a data breach. Discovered by Bob Diachenko and Vinny Troia, the breach was due to the data being stored in a MongoDB instance left publicly facing without a password and resulted in 763 million unique email addresses being exposed. Many records within the data also included additional personal attributes such as names, phone numbers, IP addresses, dates of birth and genders. No passwords were included in the data. The Verifications.io website went offline during the disclosure process, although an archived copy remains viewable.

Who the hell makes a database server accessible directly to the internet, and with no password? People need to start doing jail time over this crap. There needs to be more accountability for securing sensitive user information.
 

BarkingGhostar

> Who the hell makes a database server accessible directly to the internet, and with no password? People need to start doing jail time over this crap. There needs to be more accountability for securing sensitive user information.

People who got themselves hired so that they could do exactly this. How hard is it to believe that there are operators, even minor ones, that seek out to sell something and go about their way in this manner?
 

TXHokie

Equifax hired a music major to be its CISO at the time of the breach. Probably clueless as to the goldmine info it owns and how to secure it. It was a pretty big hoopla. But the one that kills me is the OPM hack that had all the data from people’s security clearances.
 

Red Squirrel

> People who got themselves hired so that they could do exactly this. How hard is it to believe that there are operators, even minor ones, that seek out to sell something and go about their way in this manner?

Like, that it's an inside job? I guess I could see someone doing that. In that case there should definitely be jail time. Tired of hearing of people going to jail for petty crimes, but the real bad guys don't get punished.
 

BarkingGhostar

I tend to think inside jobs were those that got hired for a genuine reason and then went sour, as opposed to someone sour getting themselves hired for the specific purpose of committing the crime.
 

clamum

Yeah I've gotten notices from HaveIBeenPwned about three or four times in the past month. I admit I'm too dumb/lazy to have investigated them yet though. F'ing scumbags.
 

Red Squirrel

I've started just using randomly generated passwords for everything now, so at least when something leaks it only affects that one service. Downside is having to refer to my password manager every time I want to log in to something, but it's not that huge a deal as most things like forums etc. use cookies anyway, and for stuff like my bank I was using a password manager anyway as that is one thing I didn't mess around with and didn't reuse any passwords.

Actually I should add a QR code feature to my password manager so I could log in to stuff easily from my phone too. I eventually want to look at putting it on an air-gapped network as well. Could maybe use a bar code reader from the internet-connected computer. That would actually be kinda cool... lol.