A database related to the internet marketing company has been exposed on the internet, with most of the records relating to users of adult dating sites.
When researchers discovered VpnMentor, an 882GB database was traced back to a company called Mailfire, which basically offers free services like email marketing tools plus app push notifications. The database is believed to affect at least several hundreds of users across more than 70 websites, including notification content; Personally identifiable data; personal message; Authentication code; The link, and the mail content.
The database was found to have been exposed to an insecure Elasticsearch server on August 31 through contact with vendors. 3. The offline database was disconnected on the same day that Mailfare was contacted.
The sites affected were mostly adult dating sites, including a dating site to meet up Asian women, a premium international dating site targeting an older demographic, a site for people who want to date Colombians, etc. Other sites like this connect men and women in different parts of the world. Data from some popular e-commerce sites are also found in exposed databases.
In particular, the live data in the database was updated when it was revealed that about 370 million records had been included for the 66 personal notifications sent in the previous 96 hours.
Mailfire is believed to have taken full responsibility for the recent data and told researchers that none of the companies disclosed in the database was responsible in any way. Mailfire clients were reported back in September data. 4. Whether the companies affected by the breach have subsequently notified their users that this is another matter. Mailfire doesn’t offer a complete list of its clients, but one – a dating site called Kismiya, doesn’t disclose a data breach, at least publicly.
While there is always the question of whether bad elements can access the exposed database before they are discovered, in this case, the answer is in the affirmative. According to the researchers, the attack was already successfully done on the server that searched the database, before the hacking group Meow was believed to be responsible.
As with all data breaches of this nature, the risk is that the data could be used for nefarious purposes. The attack might only affect thousands of dating clients, but that’s a precedent for sure – a hacking and subsequent release of data related to the Ashley Madison cheat site in 2015. In this case, users were kicked out of threats that would have exposed their activities at the time and even Now, five years later.