Cyber security news for all


    db8151dd breaches contact management company and disclose 22 million emails

    Another day, another data breach by “db8151dd”.

    Security researcher Troy Hunt has revealed details of the huge open Elasticsearch database he found online. Nicknamed db8151dd; the database contains unique details for approximately 22 million people, including their name, email address, phone number, real address, social media profile, and title.

    HaveIBeenPwned fame Troy Hunt claimed he had discovered the db8151dd database in February. Hunt reveals that the database contains approximately 90GB of data and that the collection of information is on its own, rather than breaching public sites like many similar incidents in the past.

    For example, Hunt reveals that including phone numbers are rare in such databases, but phone numbers are available in this case. He also noted that they strategically place personal files alongside people with whom they have interacted in the past. Surprisingly, it appears that the database has recognized the link between the two people.


                                     Screenshot of “db8151dd” data shared by Hunt.

    In conclusion, the database can come from or establish contact with the customer relationship management system. According to his blog article, Hunt conducted a three-month investigation and obtained only three leads. These are the following three sentences that repeatedly appear in the data:

    “This contact information is synced from Exchange. If you want to change the contact information, open OWA, and make the changes here.”

    “Export from Microsoft Outlook (do not delete).”

    “A contact created by Evercontact. (Evercontact is a contact management application available on Android)”.

    Hunt Tweeted about the breach


    However, on May 15, Covve, a Cyprus-based contact management solutions company, acknowledged the violation. Hunter also confirmed the identification of the source of the violation as the Covve Contacts app. This also explains the strategic location of the data because Covve uses an AI (artificial intelligence), compliant contact manager.

    “On Friday the 15th, we learned of security incidents on the platform. Our team immediately began an investigation to determine the source and nature of the incident. A third party corrupted user data”. The company said that “our old system has been taken out of service.”

    Recent Articles

    Unauthorized access at Scalable Capital

    There has apparently been unauthorized access to individual data at Scalable Capital. The company informed its customers about the incident by mail yesterday, referring...

    The US accuses Russian officers of being in charge for cyber attacks

    The US government has brought charges against Russians who are alleged to have been involved in various cyber attacks as officers of the military...

    Twitter changed its rules for dealing with hacked data

    On Friday night, access to Twitter was disconnected for about two hours. The Chief Engineer announced that the reason was a rebuild in the...

    Norway sees Russia as the perpetrator of the cyber attack

    "It is important that our government refuses to send the Russians a clear sign that we do not know," said the Norway government. According...

    Phishing mail with an incorrect form for Corona bridging aid

    The representation of the European Commission warned of a phishing attempt targeting small and medium sized enterprises. Under the pretext for corona bridging aid,...

    Related Stories

    Leave A Reply

    Please enter your comment!
    Please enter your name here

    Stay on op - Ge the daily news in your inbox