Netcore Cloud database exposes over 40 billion email and marketing records

A massive unprotected database linked to Indian marketing platform Netcore Cloud was found exposed online, revealing over 40 billion email and system log records.

 

What happened

According to Hackread, cybersecurity researcher Jeremiah Fowler discovered an unencrypted, non-password-protected database containing more than 40 billion records totaling 13.4 TB. The exposed data included marketing communications, account verification messages, and notifications related to banking or employment.

Fowler identified hostnames linking the data to Netcore Cloud Pvt. Ltd., a Mumbai-based AI-powered marketing and email automation company serving more than 6,500 brands across 40 countries. After being notified, Netcore secured the database the same day.

It remains unclear whether Netcore or a third-party contractor directly managed the exposed data. The duration of exposure and whether unauthorized parties accessed the data are also unknown.

 

Going deeper

A review of sample records revealed email addresses, message subjects, and in some cases, banking or healthcare-related notices with partial account numbers and IP details. Many of these records were labeled “confidential.”

Beyond individual privacy concerns, the exposure presents wider cybersecurity risks. With such a large volume of email logs and metadata, attackers could use this information to design targeted phishing or spoofing campaigns that mimic legitimate account alerts or corporate emails. Clone-phishing attacks could trick users into revealing financial or login credentials.

Further analysis also found 89 open network ports associated with the exposed IP address. While not inherently malicious, that many exposed endpoints can increase the risk of exploitation through brute-force attempts, vulnerability testing, or unauthorized access to internal systems.

 

What was said

Netcore Cloud acknowledged Fowler’s report, confirmed that access to the database was restricted immediately, and thanked him for his responsible disclosure. The company has not commented publicly on how long the data was exposed or on findings regarding potential third-party involvement.

Fowler clarified that he did not download or extract any data, instead conducting a limited manual review to confirm ownership and assess risks. He stated that his findings were for educational purposes and did not suggest that Netcore’s internal systems or user data were directly compromised.

 

The big picture

According to Hackread, “cybercriminals are always scanning the internet for exposed databases.” In recent incidents such as the IMDataCenter exposure and the massive six billion records leak, Hackread reported that “third parties with malicious intent had accessed the misconfigured servers before they were taken offline.” The Netcore Cloud exposure fits into this same pattern, showing how quickly unprotected systems can be discovered and exploited once they appear online.

Hackread further noted that “the risk in an exposure of this scale goes beyond email spam or unwanted marketing messages.” Detailed mail logs and recipient data can help attackers “understand how companies communicate, what services their customers use, and even the timing of financial transactions.” That information can then be used to launch convincing phishing or social engineering campaigns that closely mimic legitimate business interactions.

 

FAQs

How could exposed email metadata be misused by cybercriminals?

Attackers could analyze message headers, subjects, and sender addresses to craft convincing phishing or spoof emails that imitate trusted brands or institutions.

 

What are open ports, and why do they matter in this context?

Open ports are access points on a networked server. Having many exposed ports increases the risk of cyberattacks if any service running behind them is misconfigured or outdated.

 

What should businesses using third-party marketing services do after such incidents?

They should verify vendor compliance with security frameworks, request audit reports, and implement regular monitoring to ensure data is stored securely.