back to article Veeam holds its hands up, admits database leak was plain 'complacency'

Veeam has blamed "human error" for the exposure of a marketing database containing millions of names and email addresses. The unencrypted MongoDB resource was left open for anyone to view after a migration between different AWS systems, Peter McKay, co-CEO and president at Veeam, told The Register. The resource – which wasn't …

  1. GnuTzu


    Finally, a response that amounts to more than the nauseating cliche: "we take blah, blah, blah seriously"!

  2. TonyJ

    Like the open and seemingly honest approaches - first, they clearly took seriously, and listened to, the guy who reported the problem and took swift action. Secondly they have put up their hands and admitted it was simple human error.

    Never great it happens but... Kudos for the way they've responded.

    1. tiggity Silver badge

      .. although still very embarrassing considering their industry sector

  3. Doctor Syntax Silver badge

    "whether or not Veeam might decide to migrate away from the NoSQL vendor is a tactical question for its techies."

    It might be a strategic question for them. Having all this data swinging in the breeze sounds more likely a tactical question for their marketroids.

  4. Androgynous Cow Herd


    4.5 million unique records, many of which were replicated multiple times.

    sounds like a crappy database anyway.

  5. JohnFen


    I have much greater trust in companies (and people) who understand, admit, and correct their error than in companies (and people) who pretend that there was no error or that it wasn't their fault.

    That's a very good look, Veeam.

  6. chivo243 Silver badge
    Thumb Up

    Mr. McKays personal letter to me

    We're good Peter... thanks for coming clean.

    Dear Veeam community member,

    Veeam is committed to maintaining the privacy and security of your personal information. For this reason, I am writing to personally notify you about a recent incident affecting one of our marketing databases. Because we value the importance of your privacy and information security, we are treating this matter very seriously.

    What happened?

    We recently became aware that one of our marketing databases, which was not easily discoverable, may have been accessible to unauthorized third parties for a limited time due to human error. As soon as we validated the issue, we quickly secured that database. Once secured, we launched a full investigation into the scope of the incident, and took corrective measures to reduce the risk of future such incidents.

    What information was involved?

    The exposed database contained non-sensitive marketing records, such as name and email address, and in some instances IP addresses. It is possible that this information was visible to an outside third party for a limited time.

    What actions were taken?

    Veeam takes the privacy and security of your personal information seriously. As soon we validated the incident, we moved quickly to ensure the database was properly secured and to limit any further exposure. We are now actively investigating the matter to ensure that it does not happen again. As a company, we value honesty and openness, which is why I wanted to personally assure you that steps have been taken to prevent a similar issue from occurring in the future. We sincerely apologize for any stress or inconvenience this issue may have caused for you.

    Please direct any questions to In addition, please use only your Veeam account page to adjust your contact information. Veeam will NOT ask you to update your information by email.

    Thank you for being a valued business partner to Veeam.

    Peter McKay

    President and Co-CEO


  7. MAH

    We recently became aware that one of our marketing databases, which was not easily discoverable,

    that's a bit of a fib since anyone can access shodan, but pretty good otherwise...

    1. Roland6 Silver badge

      >that's a bit of a fib since anyone can access shodan

      and the search terms and criteria needed to return a results set with this specific database either on the first page or in the first couple of results pages?

  8. DCFusor
    Black Helicopters

    A VERY interesting issue

    Was mentioned that I've been thinking about for quite awhile with all the reported leaks - including some important ones like credit agencies or OPM.

    They never mention if the hacker modified the database, which as this article points out, is not hard at all if you have access - you needn't be so crass as to just delete the whole thing for ransom.

    What if you had some other agenda - some version of "deep fakery" in mind. Screw up someone's credit rating or security clearance in a way that would be near impossible for them to dispute. Or, perhaps better - GIVE yourself a good rating in credit or security and pass yourself off as someone worth of tons of money or access to secrets.

    It's interesting to me how silent the authorities are on this one...I didn't know there were that many crickets on the planet. It has to be a concern, else every security person having anything whatever to do with those outfits should be fired or maybe even tried in court.

  9. Ipapaveri

    He Gawn

    PMac has now left Veeam - no el reg article on this yet?

    1. diodesign (Written by Reg staff) Silver badge

      Re: He Gawn

      It's on our sister site, Blocks and Files:


POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like