An unencrypted, non-password-protected database was discovered by Cybersecurity Researcher Jeremiah Fowler. This database contained files from an email marketing platform and held approximately 40 billion records (13 TB). The records appeared to belong to Netcore Cloud Pvt. Ltd (Netcore), an India-based company providing marketing services. Fowler sent a message to Netcore to inform them of the exposure, and the database was restricted the same day. The organization also expressed gratitude for the disclosure and requested more information, to which Fowler complied. 

While the database is no longer accessible, it is unknown if any malicious actors accessed it before it was restricted. Furthermore, it is unknown for how long the database was accessible. 

In the exposed files, Fowler discovered mail log records, banking notifications and healthcare information. Data contained in these records included email addresses, partial account numbers and IP addresses. Additionally, many of the exposed files were marked as confidential. 

Fowler explained the risks this exposed data could present, stating, “The exposure of billions of digital messaging records has numerous potential risks that go far deeper than unwanted spam messages. The exposure of email addresses (both personal and professional) and mail delivery records could provide criminals with a better understanding of the business, customer, or banking relationships that an individual has. Hypothetically, these records could reveal sensitive personal and financial data that could be used by criminals for targeted phishing attempts.”