ShellCodeX
Tools โ€ข Events โ€ข News โ€ข Insights
ShellCodeX Breach Report

Verifications.io Data Breach

verifications.io
Massive exposure
Verified breach
Accounts exposed 763,117,241
Breach date 25 Feb 2019
Added to tracker 09 Mar 2019
Data classes 10

What happened

In February 2019, the email address validation service verifications.io suffered a data breach. Discovered by Bob Diachenko and Vinny Troia, the breach was due to the data being stored in a MongoDB instance left publicly facing without a password and resulted in 763 million unique email addresses being exposed. Many records within the data also included additional personal attributes such as names, phone numbers, IP addresses, dates of birth and genders. No passwords were included in the data. The Verifications.io website went offline during the disclosure process, although an archived copy remains viewable.

Exposed data

Dates of birth Email addresses Employers Genders Geographic locations IP addresses Job titles Names Phone numbers Physical addresses

Recommended actions

  • Watch for targeted phishing emails referencing Verifications.io โ€” attackers weaponise breach data quickly.
  • Stay alert for smishing (SMS phishing) and SIM-swap attempts using your phone number.
  • Exposed identity data raises identity-theft risk โ€” consider credit monitoring or a credit freeze.
  • Check whether your email address appears in this breach on haveibeenpwned.com.
Am I affected? Check whether your email address appears in this breach.
Check on HIBP