Blog
Nearly 23 Million Email Addresses Found In Mystery Unsecured Database: Were You Exposed?

Nearly 23 Million Email Addresses Found In Mystery Unsecured Database: Were You Exposed?

Reviewed by
Security researchers recently discovered an open database containing 22.8 email addresses. This database containing millions of records is a mystery to researchers as the database's origins have not been identified.
Table of Contents
Security researchers recently discovered an open database containing 22.8 email addresses. This database containing millions of records is a mystery to researchers as the database's origins have not been identified.

Key Takeaways

Security Researchers from Have I Been Pwned recently discovered an open database containing 22.8 email addresses. This database containing millions of records is a mystery to researchers as the database's origins have yet to be identified. Security researcher Troy Hunt does not believe the information was obtained by scraping publicly available information.

"Firstly, my phone number is not usually exposed and that was in there in full. Yes, there are many places that (obviously) have it, but this isn't a scrape from, say, a public LinkedIn page. Next, my record was immediately next to someone else I've interacted with in the past as though the data source understood the association," Troy states.

This information has led security researchers to believe that the database's origins are tied to a customer relationship management system. Three months of investigation have turned up minimal clues as to the source of the unsecured information. These clues include three phrases that appear throughout the data multiple times:

  • This contact information was synchronized from Exchange. If you want to change the contact information, please open OWA and make your changes there.
  • Exported from Microsoft Outlook (Do not delete).
  • Contact Created by Evercontact. (Evercontact is a contact management app available on Android.)

When contacted as part of the investigation, Evercontact was unable to provide security researcher Troy Hunt with any additional information.

Unsecured databases pose a serious threat. Hundreds of millions of records containing highly confidential, personally identifiable information are at risk of getting exposed.

Run a free security scan in a few clicks

Guardio is a Chrome extension that monitors suspicious activity and blocks hackers from stealing your data.

{{component-cta-custom}}

HOW CAN I FIND OUT IF MY INFORMATION IS EXPOSED IN THIS DATABASE?

Guardio offers account monitoring services. If you already have a membership with Guardio and were exposed, you can see a list of any data breaches that involved your accounts on your personal dashboard.

If you aren't already a member of Guardio, we invite you to activate a free trial of our live browser protection and account monitoring service. At the time that you activate your trial, we'll run a scan of your device for existing threats and alert you of any instance where your accounts were involved in a data breach, including this large scale mystery unsecured database. If you have multiple email addresses to check, we've got you covered there, too.

Run a free security scan in a few clicks

Guardio is a Chrome extension that monitors suspicious activity and blocks hackers from stealing your data.

{{component-cta-custom}}

CMS-based CTA:
Clean up your browser and prevent future scams
Protect yourself from money scams & other online threats, begin with a free scan.
Add Guardio to BrowserTake Security Quiz
Default CTA:
Smart protection, built for how you live online
Stay ahead of threats with real-time insights and proactive protection.
Add Guardio to BrowserTake Security Quiz
CMS-based "Did you know?" block
Did you know?
Default "Did you know?" block
Did you know?

Make sure you have a personal safety plan in place. If you believe someone is stalking you online and may be putting you at risk of harm, don’t remove suspicious apps or confront the stalker without a plan. The Coalition Against Stalkerware provides a list of resources for anyone dealing with online stalking, monitoring, and harassment.

Guardio Security Team
Guardio’s Security Team researches and exposes cyber threats, keeping millions of users safe online. Their findings have been featured by Fox News, The Washington Post, Bleeping Computer, and The Hacker News, making the web safer — one threat at a time.
Tips from the expert

Related articles

FAQs

No items found.
Table of Contents
Can You Spot a Scam Text Message?
Test your skills and learn how to protect yourself from online scams.
Take the quiz now
Can You Spot a Scam Text Message?
Test your skills and learn how to protect yourself from online scams.
Take the quiz now