Exactis said to have exposed 340 million records, more than Equifax breach

["Dave Farber" <farber () gmail com>]

> Begin forwarded message:
>
> From: Richard Forno <rforno () infowarrior org>
> Subject: Exactis said to have exposed 340 million records, more than Equifax breach
> Date: June 28, 2018 at 7:41:49 AM GMT+9
> To: Infowarrior List <infowarrior () attrition org>
> Cc: dataloss <breachexchange () lists riskbasedsecurity com>, Dave Farber <dave () farber net>
>
> Exactis said to have exposed 340 million records, more than Equifax breach
>
> https://www.cnet.com/news/exactis-340-million-people-may-have-been-exposed-in-bigger-breach-than-equifax/
>
> We hadn't heard of the firm either, but it had data on hundreds of millions of Americans and businesses and leaked 
> it, according to Wired.
>
> Abrar Al-Heeti
> June 27, 2018 2:14 PM PDT
>
> If you're a US citizen, your personal information -- your phone number, home address, email address, even how many 
> children you have -- may have just become easily available to hackers in an alleged massive data leak.
>
> Florida-based marketing and data aggregation firm Exactis exposed a database containing nearly 340 million individual 
> records on a publicly accessible server, Wired reported. Earlier this month, security researcher Vinny Troia found 
> that nearly 2 terabytes of data was exposed, which seems to include personal information on hundreds of millions of 
> US adults and millions of businesses, the report said.
>
> "It seems like this is a database with pretty much every US citizen in it," Troia told Wired.
>
> Exactis didn't immediately respond to a request for comment or confirmation.
>
> The alleged breach reportedly exposed highly personal information, such as people's phone numbers, home and email 
> addresses, interests and the number, age and gender of their children. Credit card information and Social Security 
> numbers don't appear to have been leaked. Troia told Wired that he doesn't know where the data is coming from, "but 
> it's one of the most comprehensive collections I've ever seen."
>
> Because Exactis hasn't confirmed the leak, it's hard to know exactly how many people are affected. But Troia found 
> two versions of the database that each had around 340 million records, with roughly 230 million on consumers and 110 
> million on business contacts, according to Wired. Exactis says on its website that it has over 3.5 billion consumer, 
> business and digital records.  
>
> The data leak is noteworthy not only for its breadth, but also for the depth of information the records have on 
> people. Every record reportedly has entries that include more than 400 variables on characteristics like whether the 
> person smokes, what their religion is and whether they have dogs or cats. But Wired noted that in some instances, the 
> information is inaccurate or outdated.  
>
> Just because people's financial information or Social Security numbers weren't leaked doesn't mean they're not at 
> risk for identity theft. The amount of personal information that was exposed could still help scammers impersonate or 
> profile them. 
>
> Huge compromises to personal information have been making headlines lately. In 2017, Equifax was involved in a 
> massive data breach of 145.5 million people's data. And in October, Yahoo revealed that all 3 billion accounts were 
> hacked in a 2013 breach. 




-------------------------------------------
Archives: https://www.listbox.com/member/archive/247/=now
Modify Your Subscription: https://www.listbox.com/member/?member_id=18849915
Unsubscribe Now: 
https://www.listbox.com/unsubscribe/?member_id=18849915&id_secret=18849915-a538de84&post_id=20180627202220:5007583C-7A69-11E8-B85F-B1EF0C63B10F
Powered by Listbox: http://www.listbox.com