CyberNews - Maropost Exposes 95 Million Email Records

Press Release updated: Apr 20, 2020
Marketing giant Maropost exposes 95 million email records and doesn't seem to care about it

VILNIUS, Lithuania, April 20, 2020 (Newswire.com) - ​CyberNews.com, a leading resource for cybersecurity news and analysis, has uncovered an unprotected database that belongs to the marketing automation platform Maropost, whose 10,000+ clients include New York Post, Shopify, Fujifilm, Hard Rock Café, and Mother Jones, and many other worldwide brands.

Database contained more than 19 million unique email IDs that were used in a total of 95 million records, as well as email logs that were left on a publicly accessible server. The email logs also contained relevant metadata like the exact date and time the marketing emails were sent, who sent them and to whom, presumably exposing the entire Maropost email marketing client base, as well as the customers of those clients.

In order to get in touch with Maropost about their unprotected database, the CyberNews team went through multiple channels, including email, live chat, phone, and social media. For more than two months, Maropost ignored every attempt at communication. The team even went as far as trying to contact Maropost’s CEO Ross Andrew Paquette on Twitter as far back as February, but the message and connection requests got ignored – a fact that is being denied by Maropost.

On April 1, 2020, two months after the multiple unsuccessful communication attempts, CyberNews finally got a reply from Maropost CEO Ross Andrew Paquette. According to Maropost, the email addresses in the database were randomized data the company uses for internal testing. However, the CyberNews’ own tests have proven that not to be the case - the exposed user email IDs were genuine and deliverable, as well as hosted on legitimate, non-disposable email services such as Hotmail.

The database itself is now closed and inaccessible.

CyberNews, says: “Even a simple email address can be enough for an attacker to cause real damage. For example, hackers can combine the exposed addresses with data from other breaches to make more comprehensive pictures of their potential victims and stage phishing and social engineering attacks or engage in identity theft. This particular leak could make the email IDs especially useful – if the attackers know that their victims are subscribed to marketing emails from Shopify or New York Post, they will know exactly who to send the scam email to, when to send it, who to impersonate and what to say to make the victim take the bait.”

About:

CyberNews provides the latest tech news, and analysis to guide its readers worldwide through the ever-expanding land of technology, and particularly to help them navigate the risks from hackers, malware and misuse of personal data. For all that and more, visit https://www.cybernews.com and follow us on Twitter @CyberNews_com.

Media contact:

Lina Bernotaityte - +37064644275 - press@cybernews.com

Source: CyberNews

Tags

About CyberNews

cybernews.com