2200 Western Court, Suite 400 Lisle, IL 60532
(888) 351-8324 (TECH)

Veeam Accidentally Exposes 445m Records

Veeam, a popular backup and disaster recovery software company, recently blundered and exposed 445 million customer records, which include names, email addresses, countries, customers’ company sizes, and some IP addresses. The exposure stems from a configuration issue that left the company’s AWS-hosted 200Gb MongoDB database “open and defenseless”. It was first discovered by a former security researcher, Bob Diachenko, last Tuesday (Sept. 11, 2018). After TechCrunch notified Veeam of the exposure, the server was taken offline within 3 hours to secure the database. Veeam spokesperson Heidi Kroft commented:

“We will continue to conduct a deeper investigation and we will take appropriate actions based on our findings.”

While the exposed information isn’t enough for outright exploits, it does arm malicious individuals and other “bad actors” with relevant information for targeted phishing and spam attacks.

 

Was My Data Exposed?

Here is a nice website where you can see if your email address was involved in any exploits or hacks. This will tell you if your information was made public.

https://haveibeenpwned.com/

2 comments

I am fairly certain that Systech is using Veeam for backup for our company.
When clicking on the link in this article, the website that comes up is as follows:
‘;– https://haveibeenpwned.com
This is a really strange address so I did not check my email address.
Is it legit?

Hi Terry,

That is correct. I’m glad you asked, always better to be safe vs sorry.

That link is valid albeit odd looking. It is a reputable website where you can search your email address to see if it was involved in any data breaches. Please be aware that since this Veeam breach was so recent, it might not yet show up if you search your email address.

I hope this helps!
Thank you!
