Pabbly, an email marketing firm, has left an unprotected database online exposing over 50 million email addresses.
Security researcher Jeremiah Fowler discovered the open and publicly accessible database on January 24. Subsequently, anyone with access to the internet could have accessed approximately 51.2 million records.
According to the researcher, the database included records going back to 2014, containing customer names, email addresses, subject line, email messaging and additional internal records like SMTP data and host path.
In addition, the database also contained IP addresses, ports, storage information, and pathways, of all which could be exploited by threat actors. Anyone with access to the data could also edit, download and delete records without needing any admin credentials.
It is possible that these emails could be targeted for phishing attempts, spam, and other cyber attacks.
“Spam has always been an industry wide problem that affects everyone and it seems logical that if your email is exposed the risk factors increase. Unfortunately, when emails are exposed legitimate marketing can be exploited for nefarious purposes,” explained by Fowler.
It remains unclear as to how long the data was exposed for, and who else may have gained access to it.
Upon discovering the database, Fowler sent a responsible disclosure notice to Pabbly the same day and within hours public access. Despite this, Fowler has yet to receive a response to the initial notice.
The post #Privacy: Email marketing company exposes over 51m records appeared first on PrivSec Report.