Cyber security news for all

More

    db8151dd breaches contact management company and disclose 22 million emails

    Another day, another data breach by “db8151dd”.

    Security researcher Troy Hunt has revealed details of the huge open Elasticsearch database he found online. Nicknamed db8151dd; the database contains unique details for approximately 22 million people, including their name, email address, phone number, real address, social media profile, and title.

    HaveIBeenPwned fame Troy Hunt claimed he had discovered the db8151dd database in February. Hunt reveals that the database contains approximately 90GB of data and that the collection of information is on its own, rather than breaching public sites like many similar incidents in the past.

    For example, Hunt reveals that including phone numbers are rare in such databases, but phone numbers are available in this case. He also noted that they strategically place personal files alongside people with whom they have interacted in the past. Surprisingly, it appears that the database has recognized the link between the two people.

    upload

                                     Screenshot of “db8151dd” data shared by Hunt.

    In conclusion, the database can come from or establish contact with the customer relationship management system. According to his blog article, Hunt conducted a three-month investigation and obtained only three leads. These are the following three sentences that repeatedly appear in the data:

    “This contact information is synced from Exchange. If you want to change the contact information, open OWA, and make the changes here.”

    “Export from Microsoft Outlook (do not delete).”

    “A contact created by Evercontact. (Evercontact is a contact management application available on Android)”.

    Hunt Tweeted about the breach

    tweet

    However, on May 15, Covve, a Cyprus-based contact management solutions company, acknowledged the violation. Hunter also confirmed the identification of the source of the violation as the Covve Contacts app. This also explains the strategic location of the data because Covve uses an AI (artificial intelligence), compliant contact manager.

    “On Friday the 15th, we learned of security incidents on the platform. Our team immediately began an investigation to determine the source and nature of the incident. A third party corrupted user data”. The company said that “our old system has been taken out of service.”

    Recent Articles

    Police warn of a scam with fake websites on the Airbnb

    The apartment is centrally located and costs less: what looks like a great offer could be an attempt at fraud. The police in Europe...

    Significant increase in attacks with macOS specific macro malware

    Security researcher Patrick Wardle has observed a significant increase in attacks with macOS specific macro malware. As he explained in his lecture on Wednesday...

    China controls news with offline and online media

    The relationship between western countries and China is ambivalent. Only as a cheap production location and increasingly also as a basis for sales and...

    Russia’s GRU hackers hit the U.S. government and energy targets

    Some hackers have notoriety when it comes to the execution of their breach. GRU is one of these "elite" hacking gang. GRU is a Russian...

    U.S Offers $1 Million Bounty Reward for SEC Hackers

    (Left) Artem Radchenko (Right) Oleksandr Ieremenko   Two Ukrainians nationals, Viacheslavovich Radchenko and Oleksandr Vitalyevich Ieremenko are on the run from the law. The announcement did not...

    Related Stories

    Leave A Reply

    Please enter your comment!
    Please enter your name here

    Stay on op - Ge the daily news in your inbox