Marketing firm Exactis leaks personal data of 340 million people

Data leaks and the ensuing privacy concerns have almost become a common event in today's world, with many companies taking the spotlight at some point for exposing their customers' private information. But most of them probably aren't as big as what happened with Exactis, a marketing and data aggregation company.

As reported by Wired, it was discovered earlier this month that the company exposed a database containing records for about 340 million individuals - both people and businesses - on an unprotected server, amounting to a whopping two terabytes of personal data. Vinny Troia, who discovered and reported the situation, says that, fortunately, the data doesn't seem to contain sensitive information such as credit card or social security numbers, but it does go into an insane level of detail as far as personal aspects of one's life are concerned.

The leaked data includes details such as names, home and e-mail addresses, phone numbers, details such as the gender of a person's children, smoking habits, religion, and more, adding up to 400 variables of very personal information. With financial information apparently not being part of the leak, outright financial fraud may not be a major concern, but the sheer amount of data could allow an ill-intentioned third-party to impersonate the people on the database in other ways.

Troia also points out that he's been able to discover information on almost every person he's searched for in the database, going as far as saying that it contains data for "pretty much every citizen in the US". With 230 million single people found in the records (the other 110 million records refer to businesses), this is certainly a very large-scale incident, and it differs from some other data leaks such as T-Mobile's in that most of the people on the database probably aren't aware that they're on it.

With that being said, it's worth pointing out that there's no indication that anyone actually got their hands on this data. While it's publicly accessible, the server wouldn't have been found with a simple Google search, and anyone looking to obtain such information would have to know where to look. Troia discovered the database using the Shodan search tool while testing the security of ElasticSearch databases.

Since the issue was reported to Exactis, the firm has taken the database down and it seems to no longer be accessible, but it's still unknown just how many people might have been affected by the leak, as the company has declined to comment on the incident.

Source: Wired | Image credit: Absolute Blog

Report a problem with article
Next Article

A wide range of newer Android devices are exposed to RAMpage vulnerability

Previous Article

Samsung Messages could be sending your friends your entire gallery without your knowledge

3 Comments - Add comment