798M email addresses found exposed on misconfigured MongoDB database
Security researchers have discovered a publicly accessible database belonging to an email validation firm that contained nearly 800 million email addresses along with other data.
The discovery was made by Bob Diachenko and Vinny Troia Feb. 25 on a misconfigured MongoDB database but only made public today. The database in question belongs to a company called Verifications.io that provides services to businesses who wish to vet email mailing lists for valid emails.
The database contained 150 gigabytes of data, including 798 million email records, more than 4 million email addresses with phone numbers and more than 6 million pieces of information identified as business leads that included personal information — nearly 809 million records in total.
The researchers said that the data contained in the database “is not just another ‘Collection’ of previously
The database was taken down by Verifications.io when it was informed that it was publicly exposed, and the company appears to be completely offline now.
It’s not known if the database had been accessed by bad actors prior to its being taken down, but it’s implied that there’s a serious risk it was.
Chris DeRamus, chief technology officer at DivvyCloud Corp., told SiliconANGLE that the data exposed in the leak is “unique and highly exploitable.”
“If a bad actor were to discover this massive trove of data, they could easily validate the contact information for the users included to launch a more focused phishing or brute-force campaign,” he explained.
DeRamus added that automated cloud security solutions would have been able to detect the misconfiguration in the MongoDB database and could either alert the appropriate personnel to correct the issue, or trigger an automated remediation in real time. “These solutions are essential to enforce policy, reduce risk, provide governance, impose compliance and increase security across large-scale hybrid cloud infrastructure,” he said.