A misconfigured server owned by NetcoreCloud, an India-based email marketing and automation provider, exposed 40 billion records (13.4TB of data), including sensitive emails, internal delivery logs, and technical details. The unprotected database contained email addresses, message subjects, healthcare notifications, banking alerts, employment-related emails, partial account details, IP addresses, SMTP configurations, and confidential files. No unauthorized access or malicious exploitation was confirmed, but the leaked operational details could enable targeted phishing, social engineering, and further system breaches. The company secured the database upon notification. The scale of the leak, which affected 6,500+ global clients across ecommerce, finance, media, and travel, raised concerns about enterprise data privacy and third-party vendor risk, and the incident underscored the vulnerabilities in handling large-scale communication data.
Source: https://hackread.com/misconfigured-netcorecloud-server-40-billion-records/
TPRM report: https://www.rankiteo.com/company/netcore-cloud
{
  "id": "net3392033101625",
  "linkid": "netcore-cloud",
  "type": "Breach",
  "date": "10/2025",
  "severity": "85",
  "impact": "4",
  "explanation": "Attack with significant impact with customers data leaks"
}
{'affected_entities': [{'customers_affected': 'Unknown (potentially thousands of global clients across ecommerce, finance, media, travel)',
                        'industry': 'Technology / Digital Marketing',
                        'location': 'Mumbai, India',
                        'name': 'Netcore Cloud Pvt. Ltd.',
                        'size': 'Serves 6,500+ brands in 40 countries',
                        'type': 'Email Marketing and Automation Provider'}],
 'attack_vector': 'Misconfigured Server (Publicly Accessible Database)',
 'data_breach': {'data_encryption': 'None (data was unencrypted)',
                 'data_exfiltration': 'Unconfirmed (no evidence of unauthorized access, but not ruled out)',
                 'file_types_exposed': ['Mail logs',
                                        'Database records',
                                        'Configuration files'],
                 'number_of_records_exposed': '40 billion (with potential duplicates)',
                 'personally_identifiable_information': ['Email addresses',
                                                         'Partial account details',
                                                         'Potential PII in email content'],
                 'sensitivity_of_data': 'High (includes confidential labels, PII, and operational details)',
                 'type_of_data_compromised': ['Email communication records',
                                              'Marketing data',
                                              'Healthcare notifications',
                                              'Banking alerts',
                                              'Employment emails',
                                              'Technical logs (IP addresses, SMTP data)',
                                              'Internal system details']},
 'date_resolved': '2023-XX-XX (same day as notification by Jeremiah Fowler)',
 'description': 'A misconfigured server belonging to Indian company NetcoreCloud exposed 40 billion records and 13.4TB of data, revealing sensitive emails and internal details from global clients. The database, discovered by cybersecurity researcher Jeremiah Fowler, contained unprotected and unencrypted mail logs, marketing data, healthcare notifications, banking alerts, employment-related emails, partial account details, and technical information like IP addresses and SMTP configurations. The exposure was secured after responsible disclosure, but the duration of accessibility and potential unauthorized access remain unclear.',
 'impact': {'brand_reputation_impact': 'High (due to scale and sensitivity of exposed data, affecting 6,500+ global brands)',
            'data_compromised': ['Email addresses',
                                 'Message subjects',
                                 'Internal delivery information',
                                 'Healthcare notifications',
                                 'Banking activity alerts',
                                 'Employment-related emails',
                                 'Partial account details',
                                 'IP addresses',
                                 'SMTP configuration data',
                                 'Confidential records',
                                 'Internal systems/production environment details (database names, update servers, access points)'],
            'identity_theft_risk': 'Moderate (partial account details and PII in emails)',
            'operational_impact': 'Potential increased risk of targeted phishing, social engineering, and further breaches due to exposed technical details.',
            'payment_information_risk': 'Low (banking *alerts* exposed, but not full payment details)',
            'systems_affected': ['Mail logs database',
                                 'Marketing data systems']},
 'investigation_status': 'Ongoing (internal forensic audit pending)',
 'lessons_learned': ['Importance of regular infrastructure audits for large-scale communication data',
                     'Risks of misconfigured servers and unencrypted sensitive data',
                     'Need for proactive monitoring to detect exposed databases',
                     'Value of responsible disclosure by security researchers'],
 'post_incident_analysis': {'corrective_actions': ['Secured database access',
                                                   'Internal review',
                                                   'Planned forensic audit'],
                            'root_causes': ['Misconfigured server (publicly accessible)',
                                            'Lack of encryption',
                                            'Potential third-party vendor involvement']},
 'recommendations': ['Implement robust access controls and encryption for all databases',
                     'Conduct frequent security audits and penetration testing',
                     'Monitor for unauthorized access attempts to critical systems',
                     'Enhance employee training on data handling and misconfiguration risks',
                     'Establish clearer vendor management policies if third parties are involved'],
 'references': [{'source': "Website Planet (Jeremiah Fowler's Blog)"},
                {'source': 'Hackread.com'}],
 'response': {'communication_strategy': ["Responded to researcher's disclosure",
                                         'Requested details for internal review'],
              'containment_measures': ['Restricted access to the exposed database'],
              'incident_response_plan_activated': True,
              'remediation_measures': ['Internal review initiated',
                                       'Forensic audit (planned/underway)']},
 'title': 'NetcoreCloud Misconfigured Server Exposes 40 Billion Records and 13.4TB of Sensitive Data',
 'type': ['Data Exposure', 'Misconfiguration'],
 'vulnerability_exploited': 'Lack of Access Controls / Unencrypted Data Storage'}