Veeam contacts partners after data leak

Vendor tells partners that 'human error' led to the exposure of data

Veeam has apologised to partners after "human error" led to the exposure of millions of data records.

Security researcher Bob Diachenko uncovered the breach earlier this week, claiming that 445 million records were exposed as a result of a misconfigured server.

Veeam later claimed that many of these records were duplicates, estimating that around 4.5 million unique email addresses were in the database.

In an email sent to partners, seen by CRN, Veeam said that one of its marketing databases "may have been accessible to unauthorised third parties for a limited time due to human error".

The message, attributed to Veeam's co-CEO Peter McKay, also stated: "As soon as we validated the issue, we quickly secured that database. Once secured, we launched a full investigation into the scope of the incident, and took corrective measures to reduce the risk of future such incidents.

"The exposed database contained non-sensitive marketing records, such as names and email addresses, and in some instances IP addresses. It is possible that this information was visible to an outside third party for a limited time.

"As soon we validated the incident, we moved quickly to ensure the database was properly secured and to limit any further exposure. We are now actively investigating the matter to ensure that it does not happen again. As a company, we value honesty and openness, which is why I wanted to personally assure you that steps have been taken to prevent a similar issue from occurring in the future."

CRN has contacted Veeam for comment.