[BreachExchange] Shanghai Jiao Tong University exposed 8.4 TB of email data

Destry Winant destry at riskbasedsecurity.com
Tue Jun 11 00:41:09 EDT 2019


https://www.scmagazine.com/home/security-news/data-breach/independent-researcher-xxdesmus-discovered-9-5-billion-rows-of-email-metadata-owned-by-shanghai-jiao-tong-university/

Independent researcher xxdesmus discovered 9.5 billion rows of email
metadata owned by Shanghai Jiao Tong University in a database that
didn’t require authentication.

On May 10, the researcher discovered a database containing 7 TB of
data, which grew to 8.4 TB of data by the time it was secured on May
24, according to a June 9 blog post.

Among the metadata contained in the database were IP addresses, user
agents of the persons checking email, email addresses sending or
receiving emails from different email addresses, and other high level
details of specific email exchanges.

The information appeared to have been from the popular self-hosted
email platform named Zimbra and the researcher was able to locate all
email being sent or received by a specific person although the
databases did not contain subject line information or the bodies of
the exposed emails.


More information about the BreachExchange mailing list