An email marketing company left 809 million records exposed online

(GERMANY OUT) Vacant factory building in the Friesdorf district of Bonn. Boarded-up entrance door with smashed window panes (Photo by JOKER / Karl-Heinz Hick/ullstein bild via Getty Images)


By this point, you've hopefully gotten the message that your personal data can end up exposed in all sorts of unexpected internet backwaters. But increased awareness hasn't slowed the problem. In fact, it's only grown bigger—and more confounding.

Last week, security researchers Bob Diachenko and Vinny Troia discovered an unprotected, publicly accessible MongoDB database containing 150 gigabytes of detailed, plaintext marketing data—including 763 million unique email addresses. The pair went public with their findings this week. The trove is not only massive but also unusual; it contains data about individual consumers as well as what appears to be "business intelligence data," like employee and revenue figures from various companies. This diversity may stem from the information's source. The database, owned by the "email validation" firm Verifications.io, was taken offline the same day Diachenko reported it to the company.

While you've likely never heard of them, validators play a crucial role in the email marketing industry. They don't send out marketing emails on their own behalf, or facilitate automated mass email campaigns. Instead, they vet a customer's mailing list to ensure that the email addresses in it are valid and won't bounce back. Some email marketing firms offer this mechanism in-house. But fully verifying that an email address works involves sending a message to the address and confirming that it was delivered—essentially spamming people. That means evading protections of internet service providers and platforms like Gmail. (There are less invasive ways to validate email addresses, but they have a tradeoff of false positives.) Mainstream email marketing firms often outsource this work rather than take on the risk of having their infrastructure blacklisted by spam filters, or lowering their online reputation scores.


Meet Helm, the startup taking on Gmail with a server that runs in your home


There’s no doubt that Gmail has changed the way we consume email. It’s free, it gives most of us all the storage we’ll ever need, and it does a better job than most in weeding out spam and malware. But there’s a cost to all of this. The advertising model that makes this cost-free service possible means some of our most sensitive messages are being scanned for clues about who we are, what we care about, and what we do both online and offline. There’s also the possibility of Google either being hacked or legally compelled to turn over contents.

On Wednesday, a Seattle-based startup called Helm is launching a service designed to make it easy for people to securely take control of their email and other personal data. The company provides a small custom-built server that connects to a user's home or small-office network and sends, receives, and manages email, contacts, and calendars. Helm plans to offer photo storage and other services later.

With a 120GB solid-state drive, a three-minute setup, and the ability to store encrypted disk images that can only be decrypted by customers, Helm says its service provides the ease and reliability of Gmail and its tightly coupled contacts and calendar services. The startup is betting that people will be willing to pay $500 per year to be able to host some of their most precious assets in their own home.
