• by Ray Schultz , April 13, 2020

Maropost has reiterated its argument that reports of a data breach at the firm were overstated.  

“A recent article describing the exposure of a log file held several gross inaccuracies,” the company says.   

CyberNews reported last week that 19 million unique email IDs and email logs containing such data as the time and date the emails were sent. 

“This means leaving the database in the open might have resulted in the exposure of presumably the entire Maropost email marketing client base, as well as the customers of those clients,” CyberNews said, adding that its research team had discovered the alleged breach. 

But Maropost contends: “The log exposure was not to the degree as reported and certainly not a data breach. It was however a misconfiguration of a test server led to a port being open to the public network.” 

The company continues: “On this test server was the log file used to test the performance of a service – which held a handful of Message Transfer events that contained randomized email addresses (no first name, last name, phone number, client names, or any other identifiable information was within the log file) some real and some not from a customer log that was approved for use.”

Maropost concludes: “Corrective measures to prevent the exposure of any logs from happening again whether a test or not have been implemented.”