Another day, another data breach – This one is called “db8151dd.”
Security researcher Troy Hunt has revealed details of a massive, open Elasticsearch database he found online. Dubbed db8151dd, the database contains exclusive private details of around 22 million people, including their names, email IDs, phone numbers, physical addresses, social media profiles, and job titles.
Troy Hunt, of HaveIBeenPwned fame, says that he was informed about the db8151dd database back in February. The database contained around 90GB of data, and the information, Hunt notes, was collected in a unique way rather than by scraping public sites, as has been the case in many similar incidents in the past.
For instance, Hunt stated that phone numbers are rarely included in such databases, but in this case phone numbers were available. He also noted that records of individuals were placed strategically next to those of the people with whom they had interacted in the past. This is quite surprising, as it suggests that the database recognized the link between the two individuals.
This led to the conclusion that the database could be from, or connected with, a customer relationship management system. According to his blog post, Hunt kept investigating for three months and could find only three clues: the following three phrases, which appeared repeatedly throughout the data:
“This contact information was synchronized from Exchange. If you want to change the contact information, please open OWA and make your changes there.”
“Exported from Microsoft Outlook (Do not delete).”
“Contact Created By Evercontact.” (Evercontact is a contact management app available on Android.)
Hunt also tweeted about the breach:
I'm trying to trace down the origin of a *massive* breach someone sent me. Looks very much like a data aggregator but I can't attribute it. Came from a cloud hosted IP so no clues there. My own data is there, anyone see any clues indicating the source? https://t.co/GHBoWN93Fy
— Troy Hunt (@troyhunt) February 23, 2020
However, on May 15th, Covve, a Cyprus-based contact management solution firm, acknowledged the breach. Hunt has also confirmed that the origin of this breach has been identified as the Covve contacts app. This also explains the strategic placement of the data, since Covve uses an AI (artificial intelligence) powered contacts manager.
“On Friday the 15th, we became aware of information about a security incident on our platform. Our team immediately started investigating in order to determine the origin and nature of this incident. User data was compromised by a 3rd party who gained unauthorized access to one of our legacy, decommissioned systems. It appears at this stage that contact data such as name and contact details were accessed, that the data cannot be associated with specific users and no user passwords were compromised,” the company said.
The company claims to have taken “all necessary measures to ensure that the security incident has been isolated and have confirmed that the system in question does not pose any further risk as it had already been decommissioned.”
However, the damage is done and, as seen previously, it may only be a matter of time before the “db8151dd” database is sold on some dark web marketplace or made available for download on a hacker forum.
For your information, in December 2019, Hackread.com reported that a misconfigured Elasticsearch server exposed the personal information of 267 million (267,140,436) Facebook users. The following year, in April 2020, the same database was being sold for $600 (€549 – £492) on a hacker forum.