A misconfigured server belonging to Indian company NetcoreCloud exposed 40 billion records and 13.4TB of data, revealing sensitive emails and internal details from global clients.
A major data exposure linked to NetcoreCloud, an India-based global email marketing and automation company, has drawn attention after cybersecurity researcher Jeremiah Fowler found a publicly accessible database containing more than 40 billion records. The 13.4 terabytes of data was left unprotected and unencrypted, giving anyone with access to its IP address a direct view into a massive amount of email communication records.
Fowler said the database appeared to contain mail logs and marketing data that included email addresses, message subjects, and internal delivery information. Among the files, he found healthcare notifications, banking activity alerts, and employment-related emails.
Some records contained partial account details and technical information like IP addresses and SMTP configuration data that were never meant to be public. Several entries were even labeled as confidential.
Based on hostnames and other identifiers, the data appeared to belong to Netcore Cloud Pvt. Ltd., a Mumbai, India-based provider serving more than 6,500 brands in 40 countries. The company’s platform supports email and automation services for clients across industries such as ecommerce, finance, media, and travel.
Once Fowler notified Netcore, the exposed database was quickly secured, and access was restricted the same day. According to his blog post for Website Planet, the company responded and requested further details to aid its internal review.
However, it remains unclear whether the exposed database was managed directly by Netcore or by a third-party vendor, or how long the data was accessible before Fowler found it.
There is also no confirmation that anyone else accessed the records. Only a full internal forensic audit could determine whether the data had been viewed or copied by unauthorised parties.
Cybercriminals are always scanning the internet for exposed databases. Based on recent incidents exclusively reported by Hackread.com, including the IMDataCenter exposure and the recent 6 billion records leak, both cases showed that third parties with malicious intent had accessed the misconfigured servers before they were taken offline.
The risk in an exposure of this scale goes beyond email spam or unwanted marketing messages. Fowler explained that detailed mail logs and recipient information can help cybercriminals understand how companies communicate, what services their customers use, and even the timing of financial transactions. That knowledge can be exploited for targeted phishing or social engineering campaigns that mimic legitimate business interactions.
He also noted that some of the records appeared to reference internal systems and production environments, including database names, update servers, and access points. Exposing that level of technical detail can act as a roadmap for attackers who may try to breach operational systems. Even without credentials, such information provides clues that make further intrusion attempts easier.
Fowler emphasized that he did not download or extract any data beyond a limited review to verify what was exposed and who might be affected. He contacted the company in line with responsible disclosure practices.
While it is not known how many of Netcore’s thousands of clients might have been affected, repeated entries likely inflated the overall record count. Still, the scale and sensitivity of the exposed material raise valid concerns about email privacy and enterprise data handling.
In his statement, Fowler clarified that his findings do not imply any wrongdoing or negligence by Netcore Cloud or its partners. The goal of the disclosure, he said, was to highlight the importance of safeguarding sensitive systems and to encourage organizations to regularly audit how their infrastructure handles and stores large-scale communication data.
