The exposure, which affected a database with nearly 2 terabytes of data, includes 340 million records on 230 million consumers and 110 million businesses. The database included names, phone numbers, home addresses, email addresses, and other details that could quickly identify a person. Records also contained information such as an individual's interests or habits, and whether they had kids and how many.
Vinny Troia, a security researcher, found a huge database with details of 340 million people, 230 million consumers and 110 million business contacts. The company has since protected the data, rendering it inaccessible. He found the database by searching for Elasticsearch servers using the search tool Shodan.
Exactis, which has yet to issue a statement on the apparent breach, reportedly employs just 10 people. People who did so and want to make any big purchase may find the same. But the majority probably aren't as big as what happened with Exactis, a marketing and data aggregation company.
Identity theft is thankfully not possible due to the absence of social security numbers or credit card data in the database.
Although it's not yet clear whether anyone with criminal or other malicious intent has accessed the database, he believes others must have made the same discovery.
Adidas announced this week that it recently discovered a data breach that may have exposed data belonging to American consumers. Also included among the data were an individual's religion, whether a person smokes, types of pets, and much more.
On its website, Exactis said it maintained 3.5 billion consumer, business and digital records, including "demographic, geographic, firmographic, lifestyle, interests, CPG, automotive, and behavioral data". Email addresses, addresses, phone numbers as well as family information like number of children, genders and much more are in this leak.
"I wrote a script to literally query all of them and put the output into a file and then looked for specific keywords within the tables that might be interesting like name, date of birth", he says.
Still, the incident raises an unsettling question: Did any hackers notice the 340 million records too?
The so-called "ethical hacker" and researcher Inti De Ceukelaire published a story on Medium describing how a security flaw on the popular Facebook quiz Nametests.com "publicly exposed information of their more than 120 million monthly users - even after they deleted the app".
Marc Rotenberg, executive director of the nonprofit Electronic Privacy Information Center, says, "The likelihood of financial fraud is not that great, but the possibility of impersonation or profiling is certainly there".