Exactis said to have exposed 340 million records, more than Equifax breach

[Richard Forno <rforno () infowarrior org>]

Exactis said to have exposed 340 million records, more than Equifax breach

https://www.cnet.com/news/exactis-340-million-people-may-have-been-exposed-in-bigger-breach-than-equifax/

We hadn't heard of the firm either, but it had data on hundreds of millions of Americans and businesses and leaked it, 
according to Wired.

Abrar Al-Heeti
June 27, 2018 2:14 PM PDT

If you're a US citizen, your personal information -- your phone number, home address, email address, even how many 
children you have -- may have just become easily available to hackers in an alleged massive data leak.

Florida-based marketing and data aggregation firm Exactis exposed a database containing nearly 340 million individual 
records on a publicly accessible server, Wired reported. Earlier this month, security researcher Vinny Troia found that 
nearly 2 terabytes of data was exposed, which seems to include personal information on hundreds of millions of US 
adults and millions of businesses, the report said.

"It seems like this is a database with pretty much every US citizen in it," Troia told Wired.

Exactis didn't immediately respond to a request for comment or confirmation.

The alleged breach reportedly exposed highly personal information, such as people's phone numbers, home and email 
addresses, interests and the number, age and gender of their children. Credit card information and Social Security 
numbers don't appear to have been leaked. Troia told Wired that he doesn't know where the data is coming from, "but 
it's one of the most comprehensive collections I've ever seen."

Because Exactis hasn't confirmed the leak, it's hard to know exactly how many people are affected. But Troia found two 
versions of the database that each had around 340 million records, with roughly 230 million on consumers and 110 
million on business contacts, according to Wired. Exactis says on its website that it has over 3.5 billion consumer, 
business and digital records.  

The data leak is noteworthy not only for its breadth, but also for the depth of information the records have on people. 
Every record reportedly has entries that include more than 400 variables on characteristics like whether the person 
smokes, what their religion is and whether they have dogs or cats. But Wired noted that in some instances, the 
information is inaccurate or outdated.  

Just because people's financial information or Social Security numbers weren't leaked doesn't mean they're not at risk 
for identity theft. The amount of personal information that was exposed could still help scammers impersonate or 
profile them. 

Huge compromises to personal information have been making headlines lately. In 2017, Equifax was involved in a massive 
data breach of 145.5 million people's data. And in October, Yahoo revealed that all 3 billion accounts were hacked in a 
2013 breach. 

_______________________________________________
BreachExchange mailing list sponsored by Risk Based Security
BreachExchange () lists riskbasedsecurity com

If you wish to Edit your membership or Unsubscribe you can do so at the following link:
https://lists.riskbasedsecurity.com/listinfo/breachexchange