When Your Contact’s Address Book Gets Hacked: Covve (db8151dd) Data Breach, 2020

📅 October 06, 2020

⏱️2 min read

For near on 5 months, it was a complete mystery. 23 million email addresses and other personal details were leaked online, and no one knew where they came from. Web security expert Troy Hunt titled his blog post "The Unattributable 'db8151dd' Data Breach."

Hunt was particularly concerned that his own data was on there. The list included his phone number, something that he doesn't make available on public sites. This wasn't a case of scraping publicly available sources. It was a data leak.

Curiouser still, Hunt's information was directly next to that of someone he knew personally. The experience had him spooked. And it should have us all spooked that even a highly renowned web security expert can fall victim to a data leak.

Hunt writes, "there's nothing you nor I can do about it beyond being more conscious than ever about just how far our personal information spreads without our consent and indeed, without our knowledge."

Hunt wrote this blog entry after 3 months of investigating with his usual accomplices, resigned to the possibility that he may never find answers to this case.

Then, in May 2020, Covve, a contacts app, discovered that the security on their platform had been compromised. The details of 90,000 users of its (now defunct) web app were gained by an unauthorised third-party actor. Because of the nature of the app, it wasn't just Covve users that were implicated, but their contacts as well.

This incident brings home the fact that even if we do our utmost to protect our data online, there's no guarantee that it won't be breached somehow. It's also a reminder that any time we share our contacts' details online, we bear the burden of potentially exposing them to hackers and spammers.

Take a moment now to consider the people within your various social and business circles. Think of the highly visible people in your company and your client contacts. Could they be compromising your company's security?

If Troy Hunt could be dumbfounded for 5 months as to the source of his data being breached, then there is no guarantee that your information is safe with your contacts.

So what can you do? When a major security breach is discovered, it's not just your own data you should be concerned about. Expand your search to include key contacts and highly visible people in your company.