A security breach that happened at the Covve Contacts app has leaked over 100 million records of 22 million users. This database was found online by Dehashed and shared with Troy Hunt for investigation back in February. And now, the security expert has come up with a blog post explaining what this incident is all about. Until it’s attributed to Covve, this incident is called as db8151dd.

Snippets of leaked database

Snippets of the leaked database

Initial Revelation

On May 15th, Troy Hunt, a security expert has revealed in his blog post that, he was approached by Dehashed in February about a massive database that’s been publicly exposed major cloud provider, accessible via Elasticsearch. 103,150,616 records are belonging to around 22 million users, which totaled up to 90GB! At first, he, and all others he worked with have failed to identify the source of this gathering but later found out from public disclosure of an app.

Finding Data About Self

It would be intriguing when you’re a security researcher and found your day in the case you’re investigating on. Troy Hunt’s is the same story. Out of all the records he analyzed, he claimed to be found his records which include his phone number, email address, and others.

Covve Contacts App Leaked 100 Million Records Of Customer Data
Covve Contacts App Leaked 100 Million Records Of Customer Data

Further, his record was placed just beside another’s who he had met in the past! While this was getting interesting, Troy guessed this could have been leaked from a CRM system, which would be constantly tracking their customers’ engagements. And not long after that, an official disclosure from Covve came out, clearing the air.

Public Disclosure

Covve is an AI-powered contact management app. This is a part of customer relationship management, where all the customer contacts and their interactions with the business are recorded to know them better. The public disclosure form Covve says they were informed about a data breach, where unauthorized access was made into one of their systems.

Upon discovery, they revealed that users’ contact details have been accessed, but there were no sensitive details like passwords or card data. Further, they’ve decommissioned the impacted system to avoid further problems, informed the regulators, and continuing the investigation.

Sources: Troy Hunt| Covve


Please enter your comment!
Please enter your name here