Security researchers have discovered an unsecured database containing the contact information of more than 9.3 million people, including email addresses, phone numbers, social media data and more.
The latest data exposure comes courtesy of Adapt.io, a company which offers sales and marketing professionals access to a database of (according to the company's website) 37 million business contacts, including 2.7 million C-level and 3.8 million vice-president and director-level contacts.
The unsecured database was initially discovered by security researcher and director of cyber risk research for Hacken, Bob Diachenko, who found a publicly-accessible MongoDB database with no access controls. The database contained 123GB of data on the names, job titles, employers, phone numbers, email addresses, physical addresses and social media profiles of 9.3 million people.
Diachenko initially discovered the data protection problem on 5 November. Hacken contacted the company to disclose the data leak, but so far has received no response from the company.
In its privacy policy, Adapt claims that it "takes precautions, including appropriate administrative, technical and physical measures, to protect Data About Customers against loss, theft and misuse, as well as unauthorized access, disclosure, alteration and destruction".
It also asserts that the company "uses reasonable security controls to protect Business Contact Information" - a claim which would appear to be at odds with the fact that more than 100GB of that information was sitting in an unsecured, publicly-accessible database.
Individuals can check if their data is in the Adapt database by using this form, and can request that they be removed if so.
-
What does modern security success look like for financial services?Sponsored As financial institutions grapple with evolving cyber threats, intensifying regulations, and the limitations of ageing IT infrastructure, the need for a resilient and forward-thinking security strategy has never been greater
-
Yes, legal AI. But what can you actually do with it? Let’s take a look…Sponsored Legal AI is a knowledge multiplier that can accelerate research, sharpen insights, and organize information, provided legal teams have confidence in its transparent and auditable application
-
A third of cyber attacks exploit unsecure remote workingNews Report claims business leaders are failing to educate employees about cyber security risks
-
Bosses’ lack of cyber security knowledge putting clients at risk, FCA warnsNews The regulator’s multi-firm review has exposed serious shortcomings at the most senior level for many UK firms
-
Facebook plans to move Workplace to its own domainNews The Slack and Teams rival will be getting its own domain in 2019
-
People are more aware of their data rights than ever before, says ICONews Watchdog issued a record £5 million in fines to organisations in 2017/18
