Privacy Perils: Trust, but Verify

March 15, 2019
Firm Publication

Wired, Forbes and others have reported that last Thursday security researchers went public with information they had discovered verifications.io, a bulk email validation firm, left one or more databases potentially  containing over 2 billion  records unencrypted and accessible. While no Social Security numbers, credit card numbers or passwords were included, reportedly information such as validated email addresses, dates of birth, mortgages amounts, phone numbers, social media accounts and other information was accessible.

You can check whether any of your own email addresses have been compromised in the potential verifications.io leak or other leaks or breaches at the “have i been pwned?” website. However, receiving a “Oh no – pwned!” notice only means your email address  has been found on a poorly secured server or a server that had been breached. Site passwords were not necessarily compromised, although that could also be the case. For example, the Facebook breach exposed Facebook email addresses, while the Under Armour breach exposed both email addresses and  passwords. Similarly, the LinkedIn breach exposed email addresses and passwords. Even then, discovering your site password has been compromised does not mean your email account password likewise has been compromised unless you use the same password for both – which you should never do.

Privacy Perils imageCheck out our series, Privacy Perils, to learn what steps you can take to guard your personal and company data. For more information about this topic and other cyber security concerns, please contact Bob BrewerTony McFarlandElizabeth Warren or a member of our Privacy & Data Security team.