Marketing Firm Straffic Exposed 49 Million Emails On Unsecured Server

This time the firm is an Israeli marketing company Straffic who exposed 49 million emails via an unsecured database. Though, the firm called the breach a vulnerability.

Reportedly, Israeli marketing firm Straffic has exposed millions of emails via an unprotected server. The leaky database had around 49 million unique emails that totaled up to 140GB bearing explicit contact details.

As elaborated in a post, the unsecured instance first caught the attention of a researcher with alias 0m3n on Twitter. The researcher found that Straffic left the credentials for an unprotected Elasticsearch database online. Thus, anyone could access the information contained within without hassle.

He told the Information Security Media Group that he became curious about the server after receiving a spam message. Scratching the surface revealed to him a .ENV file on a related webserver that pointed to the Elasticsearch database.

According to ISMG analysis, the exposed information included names, genders, email addresses, physical addresses, contact numbers, but not for all records. Besides, the researcher could also see Laravel logs on the database for a Straffic app.

However, the researcher also shared his discovery with Troy Hunt of Have I Been Pwned, who could see 49 million unique email addresses in the database. While he confirmed that 70% of those emails were already present in the HIBP records, still the remaining new entries form a huge number.

You Might Also Like