Verifications.io Data Breach
Verifications.io Email Verification Service Breach: 763M Records Including Names, Phone & Location
Email verification and marketing lead data service (now defunct)
Risk Interpretation
High risk of spam, phishing, credential targeting, and large-scale marketing abuse. Verified-email status makes the dataset especially useful for attackers seeking live addresses.
Impact & Downstream Threats
The breach impact was severe because it exposed one of the largest publicly known marketing-data corpora of its kind. Have I Been Pwned says 763 million unique email addresses were exposed after researchers found a publicly accessible MongoDB instance with no password, and many records also contained names, phone numbers, IP addresses, dates of birth, and genders. That made the dataset highly useful for phishing, spam operations, identity linkage, profile enrichment, and targeted marketing abuse
- Identity verification bypass using name + date of birth combination
- SIM swap attacks where phone numbers are present
- Targeted phishing campaigns using exposed email addresses
- Doxxing risk from physical address exposure
- Employment-based social engineering using job and employer data
Threat Vectors
Breach Intelligence
Executive Summary
Verifications.io, an email validation and marketing-data service, exposed 763 million unique email address records after security researchers Bob Diachenko and Vinny Troia discovered the company's MongoDB database had been left publicly accessible without a password. No sophisticated attack was required. Anyone with an internet connection could access roughly 150 gigabytes of data. The company took its website offline during the disclosure process in February 2019. The exposed records went well beyond email addresses. Many entries also included names, phone numbers, physical addresses, IP addresses, dates of birth, genders, employers, and job titles. Because Verifications.io's core business was confirming that email addresses belonged to real, active users, the dataset was particularly valuable to bad actors. Verified, live addresses are far more useful for phishing campaigns and spam operations than unvalidated lists, and the additional personal details made large-scale identity profiling and targeted fraud easier to carry out. No passwords were included in the breach, but that offers limited reassurance given the volume and richness of the data. Affected individuals had no direct relationship with Verifications.io; their information was collected and held as third-party marketing data. People whose records were exposed face elevated risk of phishing attempts, spam, and identity-linked targeting. Anyone who suspects their information was included should treat unsolicited contact with extra caution, particularly messages that reference personal details to appear legitimate.
About Verifications.io
Verifications.io was an email validation and marketing-data service that helped customers clean and verify email lists for outreach and lead-generation use. In practice, that put it in the business of handling very large volumes of email-linked marketing and contact data rather than running a normal consumer platform.
Why They Hold Your Data
Email-verification and lead-intelligence datasets aggregate email addresses, deliverability status, and marketing-linked contact intelligence for outreach and lead-generation workflows.
Recent Developments
Verifications.io appears to be defunct. Public reporting after the 2019 exposure said the site went offline and the company appeared to be out of business shortly afterward, and today it is remembered mainly as a failed email-marketing data operation rather than as a continuing service.
Data Points Exposed
Exposure Categories
Canonical Fields
date_of_birth, email_address, employer, full_name, gender, geographic_locations, ip_address, job_information:job_title, phone_number, physical_address
Dark Web Verification
- Dataset containing ~763.1M records identified in breach intelligence sources
- Data indexed and searchable across breach notification platforms
- Source: Verifications.io Data Breach;verifications.io-2019
Recommended Actions
⚠️ Do not assume this is low sensitivity.
Protect Yourself
Check If You’re Affected
Enter your email to check if your data appears in this breach.
Get Free Breach Alerts
Be the first to know when new breaches are disclosed.
High-Risk? Get an Exposure Audit
Full-spectrum exposure audits for executives and public figures.
ObscureIQ Advisory
We combine proprietary dark web access with commercial and restricted breach intelligence to verify exposure and assess real-world risk.
- A public-facing individual
- A high-profile executive
- A customer of Verifications.io
- Or concerned about credential reuse
Powered by the ObscureIQ Breach Intelligence Database
© 2026 ObscureIQ · All Rights Reserved · Data Licensing
Latest from ObscureIQ
What Is Credit Monitoring? And Do I Want It? (Answer: Not Really)
Lock Down Browsers. Wipe Employee Footprints. Win Breach Wars.
Sextortion Spam