Covve
  • Total Records56,026,285
  • Unique Emails21,074,728
  • Unique Usernames4,853,723
  • Unique First Names38,865,208
  • Unique Addresses4,280,853

Covve Data Breach: Over 59 Million Contact Records Exposed in February 2020

In mid-February 2020, Covve—a digital address book and contacts management app—experienced a significant data breach. On February 15, a publicly accessible ElasticSearch database associated with Covve was discovered online, exposing an extensive array of personal contact details. This database, which contained more than 59 million records, held sensitive information not just about Covve’s own users but also their professional and personal contacts, resulting in a massive digital spill of names, emails, phone numbers, addresses, company affiliations, and social profile links. The scale of this incident made it one of the larger exposures in the contact management space, pulling back the curtain on just how much personal information can be at risk when cloud storage is not properly secured.

What Happened in the Covve Breach?

The breach unfolded when an ElasticSearch instance, tied to Covve’s contact management app, was left openly accessible without authentication requirements. Security researchers spotted this unprotected server online, leading to the discovery that millions of detailed contact records spanning Covve’s user base and their interactions had been indexed and exposed.

Scope of the Breach and Data Involved

Altogether, the Covve breach impacted 59,026,280 individual records. The database contained rich information about people stored as contacts, which included:

  • Full names, including titles, middle names, and suffixes
  • Email addresses
  • Phone numbers
  • Company names and affiliations
  • Full addresses and country details
  • URLs and social media profiles

It’s important to note that this breach did not just affect direct Covve users, but also the individuals saved within their address books, broadening the impact outside the original userbase.

Timeline of Events

February 15, 2020 marks the date when the exposed ElasticSearch server was first discovered. Following the disclosure, Covve acted to secure the database, but the incident highlighted just how quickly and broadly sensitive information can spread when misconfigurations in data storage occur.

FAQ about the Covve Data Breach

What personal data was leaked in the Covve data breach?

The Covve breach leaked contact details such as names, emails, phone numbers, addresses, company information, URLs, and social profile links stored in users’ digital address books.

How many users and records were affected by the Covve breach?

Over 59 million individual records were exposed, including both Covve users and the contacts saved within their accounts.

When did the Covve data breach happen?

The breach occurred on February 15, 2020, when an open ElasticSearch instance was found online containing Covve app data.

What was Covve and why did it have so much personal data?

Covve was a contacts management app allowing users to organize and enrich contact details. Because the app synced and managed users’ address books, it held extensive personal and professional information for millions of contacts.

How can I check if I’m in the Covve data breach?

You can check if your information was part of the Covve breach by utilizing the DeHashed search engine.