When Your Contact’s Address Book Gets Hacked… Covve Data Breach, 2020

For near on 5 months, it was a complete mystery. 23 million email addresses and other personal details were leaked online, and no one knew where they came from. Web security expert Troy Hunt titled his blog post “The Unattributable ‘db8151dd’ Data Breach.”

Hunt was particularly concerned that his own data was on there. The list included his phone number, something that he doesn’t make available on public sites. This wasn’t a case of scraping publicly available sources. It was a data leak.

Curiouser still, Hunt’s information was directly next to that of someone he knew personally. The experience had him spooked. And it should have us all spooked that even a highly renowned web security expert can fall victim to a data leak.

Hunt writes, “there’s nothing you nor I can do about it beyond being more conscious than ever about just how far our personal information spreads without our consent and indeed, without our knowledge.”

Hunt wrote this blog entry after 3 months of investigating with his usual accomplices, resigned to the possibility that he may never find answers to this case.

Then, in May 2020, Covve, a contacts app, discovered that the security on its platform had been compromised. The details of 90,000 users of its (now defunct) web app were obtained by an unauthorised third party. Because of the nature of the app, it wasn’t just Covve users that were implicated, but their contacts as well.

This incident brings home the fact that even if we do our utmost to protect our data online, there’s no guarantee that it won’t be breached somehow. It’s also a reminder that any time we share our contacts’ details online, we bear the burden of potentially exposing them to hackers and spammers.

Take a moment now to consider the people within your various social and business circles. Think of the highly visible people in your company and your client contacts. Could they be compromising your company’s security?

If Troy Hunt could be dumbfounded for 5 months as to the source of his data being breached, then there is no guarantee that your information is safe with your contacts.

So what can you do? When a major security breach is discovered, it’s not just your own data you should be concerned about. Expand your search to include key contacts and highly visible people in your company.

Originally published at https://freshsec.com.



Fresh Security
