Kenya among 100 countries in massive Mailfire data breach
Kenya has emerged as one of the hundred countries affected by a massive data leak that vpnMentor exposed earlier this week. The data breach originated from email marketing company Mailfire.
Outlining the scope of the server breach, vpnMentor says the affected countries include Kenya, Afghanistan, Australia, Belgium, Canada, the United States of America, France and Germany, among others. There was no other African country in the list.
vpnMentor notes that the server’s database was storing 882.1 GB of data from the previous four days, containing over 370 million records for 66 million individual notifications sent in just 96 hours. Records exposed include valuable and sensitive Personally Identifiable Information (PII) of people using the affected websites to send and receive messages, such as full names, age and date of birth, gender, profile photos and locations of users, as well as their email addresses.
The data breach exposes users of the affected websites to dangers like identity theft, blackmail, phishing scams, malware and fraud, vpnMentor says. It also exposes companies to corporate espionage and cyber attacks.
Discovery, investigation, notification and company reaction
vpnMentor says they learned about the data breach when their research team received a report from an anonymous ethical hacker about a massive data leak exposing the users of over 70 adult dating and e-commerce websites from around the world.
The team investigated the data given to them and found that the various affected websites were all using the same marketing software built by email marketing company Mailfire, and that the data leak, which was confirmed on 31 August, originated from an unsecured Elasticsearch server.
The server appeared to be connected to a notification tool used by the company’s clients to market. After investigating the server and compiling sufficient evidence to confirm Mailfire owned the exposed server, vpnMentor says that they reached out to Mailfire and presented their findings to the email marketing company on 31 August, the same day the data leak was discovered.
“They reacted immediately and secured the server within a few hours,” the report says. Mailfire assumed full responsibility and insisted that the companies exposed were in no way responsible at all, vpnMentor says. “It is also worth noting that Mailfire is not responsible for the activity of the customers using their service.”
Potential impact on companies
vpnMentor says that some of the ways a data breach could impact affected websites (there were e-commerce sites affected) are corporate espionage and cyber attacks. Competitors of the impacted websites could use this data breach to attract users to their platforms in a couple of ways.
Furthermore, if the database had been leaked publicly, competitors could have gone one step further. They could have used it to micro-target people via their PII data for highly effective marketing campaigns, making it even easier to convert them. vpnMentor says that the other danger is that other malicious hackers could view the compromised server, and its owner, as an easy target for future attacks, as it had already been successfully attacked. This was the case with the affected Mailfire server.
The vpnMentor report advises companies that any time they integrate third-party software into their digital infrastructure, they should thoroughly vet it for any vulnerabilities that could put the business or its customers at risk. Companies should also regularly review the amount of customer PII data that is being shared with third-party tools. “You should only be required to provide the absolute minimum data needed for a tool to perform its intended function successfully,” they say.
The full report is available here: https://www.vpnmentor.com/blog/report-mailfire-leak/