Covve 2020 Data Breach

Covve Contact Management App Exposure (2020): 22 Million Professional Contact Records Including Job Title Left in Open Database | ObscureIQ
ObscureIQ Breach Intelligence

Classification Tags

UnknownDatabase ExposureEmail AddressFull NameJob InformationPhone NumberPhysical AddressSocial Media Profile
Low SeverityWebsite / service breach

Covve Contact Management App Exposure (2020): 22 Million Professional Contact Records Including Job Title Left in Open Database

Contact management and networking app.

Verified by ObscureIQ Intelligence
24/100Breach Risk Index
14Data Value
10Market Recency
2245dSince Breach

Breach Intelligence Summary

Entity: Covve · Actor: Unknown (researcher-found exposure; Covve legacy system) · Sources: 3 references
Attack: Database Exposure
Profile: Contact Management Platform · Personal and professional contact management application · Contact management and networking app · Global
Timeline: Breach (2020-02-20) · Indexed (May 15, 2020) · Year (2020)
Exposure: 22.8M records · 6 fields: Email Address, Full Name, Job Information, Phone Number, Physical Address, Social Media Profile
Status: Confirmed

Executive Summary

In February 2020, a large trove tracked as "db8151dd" was found exposed on a publicly facing Elasticsearch server and later confirmed by the contact-management app Covve as coming from a legacy, decommissioned system. It contained roughly 103 million records covering about 22 million individuals, including names, job titles, email addresses, phone numbers, and physical addresses. Many affected people were third-party contacts stored/enriched by Covve users rather than Covve customers. The data was provided to Have I Been Pwned.

ObscureIQ assessment: High risk because the platform may expose not just the user, but their broader contact network. Exposure enables phishing, relationship mapping, executive targeting, and social-graph exploitation.

Breach Impact

Because Covve enriched and stored contact records for people who were merely in users' address books (not Covve users themselves), the exposure affected millions of third parties with no direct relationship to the app. Exposed names, job titles, emails, phones, and addresses enable targeted phishing, business-themed social engineering, and doxxing.

About Covve

Covve is a contact-management / smart-address-book app (developed in Cyprus) that helps users organize professional contacts and enriches contact records with data gathered from the internet.

Why They Hold Your Data

Contact-management apps collect personal and professional contact records, emails, phone numbers, notes, network relationships, and account data tied to address-book organization and networking workflows.

Recent Developments

In February 2020, an exposed publicly facing Elasticsearch database (initially tracked as "db8151dd") was found and later confirmed by Covve as originating from a legacy, decommissioned system. It contained ~103 million records covering about 22 million people.

Data Points Exposed

6 verified field types
Email Address
Full Name High
Job Information
Phone Number
Physical Address High
Social Media Profile

Field names are shown in full for clarity and search visibility. Canonical machine keys are emitted only in this page’s structured data.

Exploitation & Downstream Threats

Threat Activity:High
Primary downstream threats:
  • Targeted phishing and business-themed social engineering using name/job/employer
  • SIM-swap targeting using phone numbers
  • Doxxing and physical targeting from exposed addresses
  • Identity enrichment across contact graphs
Threat vectors:
  • Business spear-phishing
  • Profile enrichment & contact-graph linkage
  • SIM swapping & phone targeting
  • Home targeting & doxxing

Threat Actor: Unknown (researcher-found exposure; Covve legacy system)

Unknown (researcher-found exposure; Covve legacy system)
Database Exposure

Attribution and method are based on available breach intelligence. Reported attack vector: Database Exposure.

Recommended Actions

If you believe your information may be included:

Enable MFA Everywhere
Turn on multi-factor authentication on email first, then financial accounts.
Report & Recover
If you spot misuse, start an official recovery plan and report fraud.

Frequently Asked Questions

What happened in the Covve breach?

In February 2020, a large trove tracked as "db8151dd" was found exposed on a publicly facing Elasticsearch server and later confirmed by the contact-management app Covve as coming from a legacy, decommissioned system. It contained roughly 103 million records covering about 22 million individuals,…

What data was exposed?

Verified fields include Email Address, Full Name, Job Information, Phone Number, Physical Address, Social Media Profile.

What should I do if I was affected?

Change reused passwords, enable MFA, and (if identity or financial data is involved) freeze your credit and monitor your accounts.

Sources & References

Every claim on this page is traceable. This breach draws on:

Breach Index
Have I Been Pwned
Record & field corroboration
Cross-source
Dehashed
Independent catalogue listing
ObscureIQ Intelligence
ObscureIQ proprietary analysis
Risk Index scoring & downstream-threat assessment

Protect Yourself

Check If You're Affected

Enter your email to check whether your data appears in this breach. We’ll send a 6-digit code to confirm it’s your address.

Get Free Breach Alerts

Be the first to know when new breaches are disclosed. Free forever — confirm your email with a 6-digit code.

High-Risk? Get an Exposure Audit

Executives, public figures, and high-visibility operators can receive tailored exposure intelligence and hardening guidance.

Request Consultation