Covve, the popular address book app, experienced a data breach.
It exposed the details of nearly 23 million individuals.
A third party had gained unauthorized access to one of their legacy, decommissioned systems.
The compromised data, which was left exposed on a major cloud provider via a publicly accessible Elasticsearch instance, included names and job titles, email addresses, phone numbers, and physical addresses.
Source: https://portswigger.net/daily-swig/covve-revealed-as-source-of-data-breach-impacting-23m-individuals
TPRM report: https://scoringcyber.rankiteo.com/company/covve
{
  "id": "cov17301222",
  "linkid": "covve",
  "type": "Breach",
  "date": "05/2020",
  "severity": "60",
  "impact": "4",
  "explanation": "Attack with significant impact with customers data leaks"
}
{'affected_entities': [{'customers_affected': 23000000,
                        'industry': 'Technology',
                        'name': 'Covve',
                        'type': 'Company'}],
 'attack_vector': 'Unauthorized access to a legacy, decommissioned system',
 'data_breach': {'number_of_records_exposed': 23000000,
                 'personally_identifiable_information': ['Names',
                                                         'Job Titles',
                                                         'Email Addresses',
                                                         'Phone Numbers',
                                                         'Physical Addresses'],
                 'sensitivity_of_data': 'Medium',
                 'type_of_data_compromised': ['Personal Information']},
 'description': 'Covve, the popular address book app, experienced a data '
                'breach that exposed the details of nearly 23 million '
                'individuals. A third party had gained unauthorized access to '
                'one of their legacy, decommissioned systems. The compromised '
                'data, which was left exposed on a major cloud provider via a '
                'publicly accessible Elasticsearch instance, included names '
                'and job titles, email addresses, phone numbers, and physical '
                'addresses.',
 'impact': {'data_compromised': ['Names',
                                 'Job Titles',
                                 'Email Addresses',
                                 'Phone Numbers',
                                 'Physical Addresses'],
            'systems_affected': ['Legacy, decommissioned system',
                                 'Elasticsearch instance']},
 'title': 'Covve Data Breach',
 'type': 'Data Breach',
 'vulnerability_exploited': 'Publicly accessible Elasticsearch instance'}