When Your Contact’s Address Book Gets Hacked: Covve (db8151dd) Data Breach, 2020

    Data Leak

For near on 5 months, it was a complete mystery. 23 million email addresses and other personal details were leaked online, and no one knew where they came from. Web security expert Troy Hunt titled his blog post "The Unattributable 'db8151dd' Data Breach."

Hunt was particularly concerned that his own data was on there. The list included his phone number, something that he doesn't make available on public sites. This wasn't a case of scraping publicly available sources. It was a data leak.

Curiouser still, Hunt's information was directly next to that of someone he knew personally. The experience had him spooked. And it should have us all spooked that even a highly renowned web security expert can fall victim to a data leak.

Hunt writes, "there's nothing you nor I can do about it beyond being more conscious than ever about just how far our personal information spreads without our consent and indeed, without our knowledge."

Hunt wrote this blog entry after 3 months of investigating with his usual accomplices, resigned to the possibility that he may never find answers to this case.

Then, in May 2020, Covve, a contacts app, discovered that the security on their platform had been compromised. The details of 90,000 users of its (now defunct) web app were gained by an unauthorised third-party actor. Because of the nature of the app, it wasn't just Covve users that were implicated, but their contacts as well.

This incident brings home the fact that even if we do our utmost to protect our data online, there's no guarantee that it won't be breached somehow. It's also a reminder that any time we share our contacts' details online, we bear the burden of potentially exposing them to hackers and spammers.

Take a moment now to consider the people within your various social and business circles. Think of the highly visible people in your company and your client contacts. Could they be compromising your company's security?

If Troy Hunt could be dumbfounded for 5 months as to the source of his data being breached, then there is no guarantee that your information is safe with your contacts.

So what can you do? When a major security breach is discovered, it's not just your own data you should be concerned about. Expand your search to include key contacts and highly visible people in your company.

October 6, 2020
2 Minutes Read

Subscribe to Fresh Thoughts

Our weekly newsletter brings you cybersecurity stories and insights. The insights that help you cut through the bull.

We'll never share your email.


Fresh Security Support

Your Questions


Fresh Sec Limited

Call: +44 (0)203 9255868