Data aggregator leaks 9.3m people’s personal information

Data Breach overlaying a circuitboard

Security researchers have discovered an unsecured database containing the contact information of more than 9.3 million people, including email addresses, phone numbers, social media data and more.

The latest data exposure comes courtesy of Adapt.io, a company which offers sales and marketing professionals access to a database of (according to the company's website) 37 million business contacts, including 2.7 million C-level and 3.8 million vice-president and director-level contacts.

The unsecured database was initially discovered by security researcher and director of cyber risk research for Hacken, Bob Diachenko, who found a publicly-accessible MongoDB database with no access controls. The database contained 123GB of data on the names, job titles, employers, phone numbers, email addresses, physical addresses and social media profiles of 9.3 million people.

Diachenko initially discovered the data protection problem on 5 November. Hacken contacted the company to disclose the data leak, but so far has received no response from the company.

In its privacy policy, Adapt claims that it "takes precautions, including appropriate administrative, technical and physical measures, to protect Data About Customers against loss, theft and misuse, as well as unauthorized access, disclosure, alteration and destruction".

It also asserts that the company "uses reasonable security controls to protect Business Contact Information" - a claim which would appear to be at odds with the fact that more than 100GB of that information was sitting in an unsecured, publicly-accessible database.

Individuals can check if their data is in the Adapt database by using this form, and can request that they be removed if so.

Adam Shepherd

Adam Shepherd has been a technology journalist since 2015, covering everything from cloud storage and security, to smartphones and servers. Over the course of his career, he’s seen the spread of 5G, the growing ubiquity of wireless devices, and the start of the connected revolution. He’s also been to more trade shows and technology conferences than he cares to count.

Adam is an avid follower of the latest hardware innovations, and he is never happier than when tinkering with complex network configurations, or exploring a new Linux distro. He was also previously a co-host on the ITPro Podcast, where he was often found ranting about his love of strange gadgets, his disdain for Windows Mobile, and everything in between.

You can find Adam tweeting about enterprise technology (or more often bad jokes) @AdamShepherUK.