Exactis exposed 340 million personal records to the internet

Security Researchers Marketing Firm Data Leak Could Impact All American Adults | The Associated Press | 29 Jun 2018

Earlier this month, security researcher Vinny Troia found that almost 2 terabytes of data had been exposed, apparently including personal information on hundreds of millions of US adults and millions of businesses, the report said.

News of the leak first broke in an in-depth article by journalist Andy Greenberg, for Wired. The information that may have been accessed contains the records of about 230 million consumers and 110 million businesses.

A 2016 breach of AdultFriendFinder exposed the data of more than 412 million accounts, while Yahoo's 2013 hack exposed the personal data of about 3 billion accounts.

Troia said he informed Exactis and the Federal Bureau of Investigation that he was able to access the database on the internet earlier this month.

While credit card information and Social Security numbers don't appear to have been leaked, the depth of information collected about each person is worrying, to say the least. Troia said he warned Exactis and the Federal Bureau of Investigation about the vulnerability, and the data is no longer publicly accessible.

Troia added, "I don't know where the data is coming from, but it's one of the most comprehensive collections I've ever seen". For example, details such as religion, whether the person smoked, and whether they had any pets are found within the database.

Beyond the massive scope of the leak, the database went into astonishing detail about the lives of the people it covered. Like many previous breaches, this one was also found using Shodan, which enables researchers (and others) to scan for internet-connected devices.

It can be queried from a computer's command-line interface, the most basic way of running queries, which has the advantage of being faster and less resource-intensive.

Right now, it's not clear if criminals or hackers accessed the database, but Troia said it would have been easy for them to find. "I'd be surprised if someone else didn't already have this".

The data trove was discovered by a security researcher named Vinny Troia, according to Wired. If the numbers on Exactis' website are correct, this could potentially be one of the largest data security breaches in some time, beating the Equifax breach of a year ago and the recent Cambridge Analytica scandal which saw the private info of 87 million Facebook users allegedly left vulnerable.

While technically not a breach, Facebook said in March that most of its 2 billion users had their personal data "improperly shared" without their permission, including about 87 million profiles that were scraped by Cambridge Analytica.
