Nearly one billion people have had their personal identifying information compromised in what may be the largest single data breach in history. The breach happened when Verifications.io – a company offering to validate email addresses to help businesses purge invalid ones from their subscriber lists – failed to put in adequate protections to shield them from hackers.
As of now, the only thing confirmed is that the data leaked and was vulnerable; it still remains unclear what, if any, information was actually stolen. But given the track record of hackers, there’s little doubt that damage has been done.
The exposed data includes not only the names attached to email addresses, but also the birthdays, genders, social media account details, and even real-world home addresses. It appears that credit card numbers and passwords were not part of the hack.
The breach was uncovered by Bob Diachenko, a cyber security expert. In a post about discovering the hack, he expressed shock at the size of the breach and lamented the exposure of personally identifying and private information.
“This is perhaps the biggest and most comprehensive email database I have ever reported,’ Mr Diachenko wrote in his post,” he said. Upon verification, I was shocked at the massive number of emails that were publicly accessible for anyone with an internet connection. Some of data was much more detailed than just the email address and included personally identifiable information.”
Because marketing firms often pay by volume of email sent and can get penalized for low open rates, the type of email validation service offered by Verifications.io is commonly used to ensure the email addresses they collect won’t bounce. Given the spectacularly large size of the breach and the treasure trove of data it potentially released into hackers’ hands, it raises the unfortunate possibility that other platforms offering a similar service may be targeted in the future.