2 of 3 E-Mail addresses from the Verifications.io breach are random

HaveIBeenPwnd just informed me that 3 of my e-mail address are were found in another stupid data breach.Some "e-mail verification" service called "verifications.io" thought it was a good idea to run their database with public internet access and without any password.

I checked the mail addresses found in this breach and 2 of them are random generated addresses I have never used and the third one probably the most generic one I use. All three addresses are being spammed for years..

The first one is being spammed even since before I started my own spam blocker in 2008. There seem to be two other addresses similar one, with the targeted address being a truncated version of the other two. The breached one received 58,451 mail since 2008. One of the others was used once as a spoofed sender address for a spam mail, the other one was used thrice in 2008. 

The second breached email address was first targeted in march 2013 and I counted 817 mails since then. 

For the third address I cannot give any reliable numbers, as this address was in regular use, was found in multiple breaches and received a lot of legitimate email since the beginning of the internet. 

The generated addresses are set to block and autoreport, meaning emails to these address will be rejected (without backscatter) and automatically reported to abuse and spam databases as no legitimate mails should be received on these addresses.

Add new comment