Data Security

Misconfiguration spills over 40M SMTP records linked to major firms

concept of leaky software, data with a tap sticking out.3d illustration

Cybernews reports that more than 40 million SMTP records, including email addresses and traffic metadata from leading corporations DHL, L'Oreal, Renault, and Hermes, have been inadvertently exposed by French email solutions firm Alinto as a result of an unprotected Elasticsearch cluster.

Also leaked by the misconfigured cluster which is hosted by a server that also caters to Alinto's Cleanmail.eu email security relay solution and has since been secured by Alinto were at least 14,000 unique French government email addresses, including those belonging to municipalities, government agencies, and embassies around the world, according to Cybernews researchers. While no email content has been compromised, threat actors could conduct cross-referencing for targeted intrusions.

"Since Alinto offers email management solutions, when they expose client company email traffic, the potential attack surface becomes much bigger from the amount of client companies alone compared to leaking email traffic of a couple of companies communicating with each other," said researchers.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.

You can skip this ad in 5 seconds