Alert: Veeam has exposed 400 million email addresses of customers, and a total of 200gb of data to the wild, word has been coming out. In the last 24 hours, Bob Diachenko of TechCrunch alerted Veeam of the breach, who then took the server offline. The databases containing the information was running in AWS.
From his Post:
“A 200-GB database included vast massives of data that is apparently used by Veeam marketing automation team to reach out to their customers using Marketo solution (Marketo is a software company focused on account-based marketing, including email, mobile, social, digital ads, web management, and analytics).”
With-in a few hours of being notified, Veeam took the databases offline. We are not sure how many of those 400 Million are duplicates due to their being two databases with this data.
It’s important to note that any nefarious actors targeting email accounts would find this quite the find, knowing most of those contacts works in most likely, along with possible user names of email services, like Azure, Office 365, and AWS.
Make sure your properly protected (not just because of this) by having admins use two factor authentication and a unique email address to register sites with that do not match your user name, and your log-in domain if possible.