
Alinto, a French email solutions provider, has accidentally exposed tens of millions of SMTP records. The data leak included email addresses and traffic of L’Oreal, Renault, and DHL, as well as numerous French government agencies.
- Email provider Alinto accidentally exposed over 40 million SMTP records on a publicly accessible Elasticsearch cluster.
- The leak revealed email addresses and traffic metadata from major corporations including L'Oreal, Renault, Carrefour, DHL, and others.
- At least 14,000 unique French government email addresses were exposed, including those from embassies, municipalities, and government branches worldwide.
- While email content was not leaked, exposed metadata enables targeted phishing attacks and helps attackers map corporate and government communication relationships.
Although email tech is as old as the internet itself, it is still the backbone of the digital economy. The Cybernews research team recently discovered a massive data leak from a company that provides email services to businesses and governments.
In late February this year, our researchers discovered 40 million Simple Mail Transfer Protocol (SMTP) records available to anyone. While SMTP records don’t reveal email content, they do include a treasure trove of metadata, ranging from email addresses to location details.
Cybernews disclosed the issue to Alinto, and even though the company did not reply, the issue was fixed the next day. The database is no longer publicly accessible. We have reached out to the company for comment and will update the article once we receive a reply.
The Lyon-headquartered firm provides enterprise email solutions focusing on security, and claims to process 100 million emails daily.
What details did the Alinto data leak reveal?
Our team discovered 40 million exposed SMTP records on a public Elasticsearch cluster. According to the researchers, the server that hosted the leaked cluster was also hosting an SMTP server under Cleanmail.eu, Alinto’s email security relay solution.
However, the company clarified that Serenamail SMTP Gateway logs were exposed, not Cleanmail, which is fully operated in another DC/country.
According to the team, the leaked records included:
- Sender email addresses
- Recipient email addresses
- Location details
- Relay IP addresses
While the leaked information did not include the content of the emails, at least 4.5 million of the 40 million records were unique email addresses. According to the team, the leak included a mix of personal and company emails and their domains.
“Among these, there were many established business entities that presumably use Alinto services to manage their email traffic, such as L’Oreal, Renault, Carrefour, DHL, Hermes, and others,” the team explained.
According to the team, “traffic” consists of sender addresses, receiver addresses, timestamps, as well as any email relays involved.
“Having information about which addresses communicate between each other, and at what times, reveals behavioural data, which can help with further attacks - impersonating a person you commonly communicate with, sending communications as expected when they are expected,” researchers said.
Moreover, this can also help build relationship maps which can be used to infer certain sensitive company information, such as launches of new products.
The exposed email domains included numerous French government institutions, ranging from government branches and municipalities to French embassies worldwide. At least 14,000 unique government email addresses were exposed in the Alinto data leak.
“The exposed records, from public and private sectors, referenced publicly available emails as well as emails tied to specific employees,” our team explained.
Why is the Alinto data leak dangerous?
Even though the data leak did not reveal email content, our researchers believe that exposed users still face elevated cybersecurity risks. For one, large email data leaks invite social engineering attacks against exposed organizations.
Attackers can cross-reference names in email addresses with specific positions within exposed organizations to focus on high-value targets who may have elevated access to sensitive information.
Moreover, our team believes that the Alinto data leak unintentionally exposed the email traffic of its client companies, further raising the risks.
“Since Alinto offers email management solutions, when they expose client company email traffic, the potential attack surface becomes much bigger from the amount of client companies alone compared to leaking email traffic of a couple of companies communicating with each other,” the team explained.
Since the data leak includes government email addresses, attackers could attempt to target individuals to access government systems. At the same time, all individuals whose details were exposed may face an increased risk of phishing attacks.
Disclosure timeline:
- Leak discovered: February 24th, 2026
- Initial disclosure: February 25th, 2026
- Leak closed: February 26th, 2026