Have you ever wondered why your email address and other information appeared in a data breach impacting a platform you never signed up for? You probably don’t recall creating an account on the Verifications.io platform or River City Media. That’s because you didn’t.
It’s time you find out everything about your invisible connection to email verifiers
Email verifiers are online services that allow marketers and salespeople to verify that the email address you used to create an account, sign up for a newsletter or make an order on their website is real and valid. Email verifiers work silently in the background checking you to avoid future deliverability issues.
These companies use various tools in their validation process including IP address validation and verification of key demographics which also provides insights into your personal information which ends up in a database.
That’s why email-validation services are an attractive target for cybercriminals looking for a fresh batch of email addresses for their next wave of social engineering attacks.
In recent years, billions of user records have been exposed online due to unsecure databases belonging to email validation companies, including the infamous Verifications.io and River City Media data breaches.
Who is Verifications.io, and what information was exposed in the data breach?
The company provides email validation services for marketing companies worldwide. In short, Verifications.io and similar companies are used to maximize marketing campaign potentials by verifying potential consumer email lists for invalid or undeliverable email addresses.
In February 2019, cybersecurity researchers stumbled upon an unsecured public-facing database that exposed over 800 million email addresses and associated personally identifiable information (PII), including names, gender, dates of birth, phone numbers, IP addresses, job titles and employers. The leaked data contained no highly sensitive information such as passwords, credit card numbers or Social Security numbers.
Who is River City Media, and what information was exposed in the breach?
River City Media (RCM) is a US-based email marketing company that made headlines in March 2017 after exposing 1.4 billion individual records online due to an improperly configured backup. According to researchers, the exposed data includes email addresses and, in some cases, names, IP addresses, zip codes and home addresses.
Once again, no account login credentials or financial information was exposed. Even so, the database was left unprotected for at least three months before the company took it offline. If cybercriminals had stumbled upon it, they could have used the information in targeted phishing attacks to gather additional information from victims.
What should victims do?
Even if there was no indication that the databases were accessed or exploited by malicious actors, users should prepare for similar data breaches. Usually, when login credentials are exposed or compromised, victims are required to immediately change passwords and set up additional security features on their accounts. However, in this case, individuals should adopt preventive measures:
- Use a VPN to encrypt your internet connection and mask your actual IP address
- Don’t share your phone number when setting up a new account unless it is mandatory or required for two-factor authentication
- Consider setting up multiple email addresses for various online activities. Besides your professional email, it might be a good idea to create a separate email for your online shopping and personal correspondence or social media account
- Never use your date of birth or street address number as PINs or passwords for online accounts
Was your personal data exposed in a data breach? Find out now with Bitdefender’s Digital Identity Protection tool.