Wired, Forbes and others have reported that last Thursday security researchers went public with information they had discovered verifications.io, a bulk email validation firm, left one or more databases potentially containing over 2 billion records unencrypted and accessible. While no Social Security numbers, credit card numbers or passwords were included, reportedly information such as validated email addresses, dates of birth, mortgages amounts, phone numbers, social media accounts and other information was accessible.
You can check whether any of your own email addresses have been compromised in the potential verifications.io leak or other leaks or breaches at the “have i been pwned?” website. However, receiving a “Oh no – pwned!” notice only means your email address has been found on a poorly secured server or a server that had been breached. Site passwords were not necessarily compromised, although that could also be the case. For example, the Facebook breach exposed Facebook email addresses, while the Under Armour breach exposed both email addresses and passwords. Similarly, the LinkedIn breach exposed email addresses and passwords. Even then, discovering your site password has been compromised does not mean your email account password likewise has been compromised unless you use the same password for both – which you should never do.
Check out our series, Privacy Perils, to learn what steps you can take to guard your personal and company data. For more information about this topic and other cyber security concerns, please contact Bob Brewer, Tony McFarland, Elizabeth Warren or a member of our Privacy & Data Security team.