Last Monday, independent security researcher Bob Diachenko uncovered an open customer database with over 11 million records. The information included customer’s names, email addresses, zip codes, and home addresses. All of the emails were Yahoo! based, so it was probably part of a bigger database. Read on to learn more.
Where’s the data from?
Diachenko had to dig to locate the owners of this database. He traced many customers to SaverSpy, a site that offers discounts and coupons without registration– the discount codes are sent to mobile numbers or email addresses.
This same method of coupon distribution is used by Coupons.com, a Quotient Technology web page. Diachenko reached out to notify Quotient Technology but their representative informed him SaverSpy was only part of an affiliate program.
This unguarded database was taken down a few hours later but SaverSpy has not made any public claim of responsibility and it’s unsure whether they’ll reach out to affected customers.
Though the database is now secure, you can be sure phishers and scammers will try to target the people whose contact information was exposed. However, since the data had remained intact (not encrypted) by the time Diachenko stumbled on it last Monday, September 17th, there’s been speculation that the attack was a botched automatic takeover.
This is the second MongoDB slip-up Diachenko reported on this month, with the first being last week’s Veeam breach.
Take some precautionary measures:
- Try Dashlane today here! Dashlane helps you change your passwords quickly and recover your accounts when you’ve experienced a breach. You’ll even get automatic, personalized alerts when warning you of a breach. You will wonder how you ever lived without it. Try it today!
- Install McAfee on all of your devices for 24-7 protection and encryption. McAfee offers real-time encryption and you can try it for 50% off here!
- Subscribe to our FixMeStick newsletter here to get the latest tech news sent straight to your inbox.