[BreachExchange] Exactis said to have exposed 340 million records, more than Equifax breach

Richard Forno rforno at infowarrior.org
Wed Jun 27 18:41:49 EDT 2018


Exactis said to have exposed 340 million records, more than Equifax breach

https://www.cnet.com/news/exactis-340-million-people-may-have-been-exposed-in-bigger-breach-than-equifax/

We hadn't heard of the firm either, but it had data on hundreds of millions of Americans and businesses and leaked it, according to Wired.

Abrar Al-Heeti
June 27, 2018 2:14 PM PDT

If you're a US citizen, your personal information -- your phone number, home address, email address, even how many children you have -- may have just become easily available to hackers in an alleged massive data leak.

Florida-based marketing and data aggregation firm Exactis exposed a database containing nearly 340 million individual records on a publicly accessible server, Wired reported. Earlier this month, security researcher Vinny Troia found that nearly 2 terabytes of data was exposed, which seems to include personal information on hundreds of millions of US adults and millions of businesses, the report said.

"It seems like this is a database with pretty much every US citizen in it," Troia told Wired.

Exactis didn't immediately respond to a request for comment or confirmation.

The alleged breach reportedly exposed highly personal information, such as people's phone numbers, home and email addresses, interests and the number, age and gender of their children. Credit card information and Social Security numbers don't appear to have been leaked. Troia told Wired that he doesn't know where the data is coming from, "but it's one of the most comprehensive collections I've ever seen."

Because Exactis hasn't confirmed the leak, it's hard to know exactly how many people are affected. But Troia found two versions of the database that each had around 340 million records, with roughly 230 million on consumers and 110 million on business contacts, according to Wired. Exactis says on its website that it has over 3.5 billion consumer, business and digital records.  

The data leak is noteworthy not only for its breadth, but also for the depth of information the records have on people. Every record reportedly has entries that include more than 400 variables on characteristics like whether the person smokes, what their religion is and whether they have dogs or cats. But Wired noted that in some instances, the information is inaccurate or outdated.  

Just because people's financial information or Social Security numbers weren't leaked doesn't mean they're not at risk for identity theft. The amount of personal information that was exposed could still help scammers impersonate or profile them. 

Huge compromises to personal information have been making headlines lately. In 2017, Equifax was involved in a massive data breach of 145.5 million people's data. And in October, Yahoo revealed that all 3 billion accounts were hacked in a 2013 breach. 



More information about the BreachExchange mailing list