Veeam database leakage: not 440 million but 4.5 million email addresses leaked

Get a free Techzine subscription!

Three days ago, news came out that an unsecured Veeam marketing server had leaked 440 million data. Veeam has now fully investigated the leak and transparently shared the details with its customers. It also stresses that not 440 million but 4.5 million e-mail addresses are more correct.

In an extensive blog post of Veeam Co-CEO and President Peter McKay, all details are shared transparently, three days after reporting the leak. According to McKay, it was indeed a marketing server, as we first reported. However, it bothers him that the news was announced so quickly and that they did not wait for official figures after a thorough investigation.

4.5 million addresses

At first it was reported that 440 million e-mail addresses would be on the marketing server, but McKay stresses that there are 4.5 million unique addresses. According to him there were a lot of double e-mail addresses on the server and different aliases. There was no sensitive information on the server, because Veeam does not collect it from its (prospect) customers or partners either.

McKay says it was all a regrettable coincidence. The marketing database of data (names, e-mail addresses and IP addresses) became publicly available during a network maintenance period. This should not have happened and was due to human error. He emphasizes that the database was therefore still very difficult to find, but that it was useful for third parties.

Notification obligation

Veeam immediately took the necessary steps to lock each database with the necessary security protocols. In addition, they also informed a number of authorities (e.g. GDPR with the obligation to report) about the incident. Despite the fact that no sensitive information was leaked, the error is unforgivable according to McKay.

Despite the fact that the message is only being sent out today, Veeam emphasizes that they have not been able to gather all the information they need to make a complete report. In addition, they have simultaneously informed the necessary authorities with a complete report. Veeam and McKay excuse themselves several times in the blog post and will learn from their mistakes.

This news article was automatically translated from Dutch to give Techzine.eu a head start. All news articles after September 1, 2019 are written in native English and NOT translated. All our background stories are written in native English as well. For more information read our launch article.