What Happened
In February 2019, Verifications.io, an email validation service, suffered a massive data breach when security researchers Bob Diachenko and Vinny Troia discovered an unprotected MongoDB database left publicly accessible without authentication. The breach exposed 763 million unique email addresses along with additional personal information including names, phone numbers, physical addresses, dates of birth, genders, employers, IP addresses, and job titles—though notably no passwords were included. The exposed data also contained sensitive details such as mortgage amounts, interest rates, and social media account associations linked to email addresses. The breach resulted from the company’s failure to secure its database rather than a sophisticated cyberattack, and after Diachenko reported the incident, Verifications.io took its website offline on March 4, 2019, and subsequently ceased operations. Security firm DynaRisk later revealed that four separate MongoDB databases from the company were compromised, totaling over 2 billion records when combined, with the additional three databases containing even more sensitive information including credit scores and social media profiles.
