More importantly, in addition to the email address, the database also has information about the status of the mail server when it contacts, detailing whether the message was sent or whether the server rejected the email. As Diachenko discovered, since the Internet device search engine indexed it on September 13, the database was online and exposed, including the “damaged” label and the 0.4 BTC ransom note.
Curiously, despite being successfully destroyed and bad actors asking the database owner for a ransom, the database was not encrypted when the researchers accessed the database. The exposed database did not provide any hints about who had the leaked data, but Diachenko found clues that the recorder could have been used as part of an e-marketing campaign operated by SaverSpy, a site known to handle offers from Coupons.com.
Diachenko contacted two organisations that were found to be associated with the exposed e-marketing database. Although no response was received from anyone, the database was quickly taken offline after his contact attempt. Although Diachenko did not find any payment card data or phone numbers, the email address and email status fields for each of the 11 million leaked records were invaluable for scammers, phishers and spammers.
