RankWatch SEO Company Hacked?

The newest addition to the Internet’s most trustworthy archive of publicly known breached websites is a Mongo database that is presumed to belong to search engine optimisation (SEO) management company RankWatch.

According to information gathered by Australian security researcher and haveibeenpwned.com owner Troy Hunt, the Mongo DB with no password was accessed on the RankWatch.com website, and its content posted to an online forum, in November 2016. The data included more than 7.4 million email addresses along with names, employers, phone numbers and job titles in a table called “us_emails”.

New breach: RankWatch exposed 7.4M email addresses via unsecured Mongo DB. 72% were already in @haveibeenpwned https://t.co/LGaAnj1hUA

— Have I Been Pwned (@haveibeenpwned) November 3, 2017

As revealed in the tweet above, 72 percent of the email addresses were already on haveibeenpwned.com, meaning they had likely already been compromised in other data breaches before the RankWatch incident.

Hunt reached out to RankWatch but was not told the purpose of the data, where it had been acquired from, or whether the data owners had consented to its collection. The forum that originally posted the data described it as being “in the same vein as the modbsolutions leak,” a large list of corporate data allegedly used for spam purposes.

For more, visit: https://haveibeenpwned.com/PwnedWebsites