Mailfire data breach exposes more than 320 million records and PII of 70 websites

vpnMentor’s research team recently received a report from an anonymous ethical hacker about a massive data leak exposing users of over 70 adult dating and e-commerce websites from around the world.

The various websites were all using the same marketing software built by email marketing company Mailfire — who was responsible for the leak. The software in question had been compromised through an unsecured Elasticsearch server, exposing people all over the world to dangers like identity theft, blackmail, and fraud, says vpnMentor. It also appears that the exposed server was the victim of a recent and ongoing ‘Meow’ cyberattacks campaign that has been targeting unsecured Elasticsearch servers and wiping their data.

Further investigation revealed that some of the sites exposed in the data leak were scams, set up to trick men looking for dates with women in various parts of the world.

In total, more than 70 websites were affected in the data leak, all using Mailfire services. Most of the websites using the tool were adult dating websites. However, the database also contained data from e-commerce websites. Among the websites affected included a dating site for meeting Asian women, a premium international dating site targeting an older demographic, one for people who want to date Colombians, and more similar sites connecting men to women in different parts of the world. It also appeared that many of the websites shared common owners.

Based on vpnMentor's investigation, the unsecured server was a log for notifications being sent by the owners of all 70+ websites via Mailfire’s software. At the beginning of the investigation, the server’s database was storing 882.1 GB of data from the previous four days, containing over 370 million records for 66 million individual notifications sent in just 96 hours.

Each of the millions of notifications contained valuable and sensitive Personally Identifiable Information (PII) data for people using the affected websites to send and receive messages. The PII data revealed included:

Full names
Age and date of birth
Gender
Email addresses
Locations of senders
IP addresses
Profile pictures uploaded by users
Profile bio descriptions

Aside from the PII data, the leak also exposed conversations happening between users on dating sites affected. These often revealed private and potentially embarrassing or compromising details of people’s personal lives and romantic or sexual interests.

The breach affected people across the globe, in over 100 countries, such as:

Afghanistan
Australia
Belgium
Canada
Estonia
France
Germany
Hong Kong
Israel
Japan
Kenya
New Zealand
Portugal
Qatar
Russia
Singapore
UK
USA

For more details, including images showing the breach, please visit https://www.vpnmentor.com/blog/report-mailfire-leak/

ON DEMAND: Business-impacting events such as severe weather, man-made disasters, and supply chain disruption are increasing in frequency and making impacts around the globe.

In today's rapidly evolving security landscape, organizations face an ever-growing array of disruptive events, security threats and risks. Traditional reactive approaches to security intelligence often leave businesses vulnerable and ill-prepared to anticipate and mitigate emerging threats that could impact the safety of their people, facilities or operations.