A security breach at the Covve Contacts app has leaked over 100 million records of 22 million users. The database was found online by Dehashed and shared with Troy Hunt for investigation back in February. The security expert has now published a blog post explaining what this incident is all about. Until it was attributed to Covve, the incident was called db8151dd.

Snippets of leaked database

Initial Revelation

On May 15th, security expert Troy Hunt revealed in his blog post that Dehashed had approached him in February about a massive database publicly exposed on major cloud providers and accessible via Elasticsearch.

The 103,150,616 records belong to around 22 million users and total up to 90GB! At first, he and everyone he worked with failed to identify the source of the data, but they later learned it from an app's public disclosure.

Finding Data About Self

It is intriguing when you're a security researcher and find your own data in the case you're investigating. That is Troy Hunt's story. Among the records he analyzed, he said he found his own, including his phone number, email address, and other details.

Further, his record sat right beside that of someone he had met in the past! While this was interesting, Troy guessed the data could have leaked from a CRM system, which would constantly track its customers' engagements. Not long after that, an official disclosure from Covve came out, clearing the air.

Public Disclosure

Covve is an AI-powered contact management app. This is a part of customer relationship management, where customer contacts and their interactions with the business are recorded to know them better. The public disclosure from Covve says they were informed about a data breach in which unauthorized access was gained to one of their systems.

Upon investigation, they revealed that users' contact details had been accessed, but no sensitive details like passwords or card data. Further, they have decommissioned the impacted system to avoid further problems, informed the regulators, and are continuing the investigation.

Sources: Troy Hunt | Covve
