Independent researcher xxdesmus discovered 9.5 billion rows of email metadata owned by Shanghai Jiao Tong University in a database that didn’t require authentication.

On May 10, the researcher discovered a database containing 7 TB of data, which grew to 8.4 TB of data by the time it was secured on May 24, according to a June 9 blog post.

Among the metadata contained in the database were IP addresses, user agents of the persons checking email, email addresses sending or receiving emails from different email addresses, and other high level details of specific email exchanges.

The information appeared to have been from the popular self-hosted email platform named Zimbra and the researcher was able to locate all email being sent or received by a specific person although the databases did not contain subject line information or the bodies of the exposed emails.

Topics:

Cybersecurity Data Breach