June 29, 2018
While the chaos for the infamous Equifax data breach hasn’t ended, here we have another news story about another massive breach. This time, the marketing company ‘Exactis’ unwittingly exposed customers’ data. A researcher found approx. 340 million records from the Exactis data leaked online. Presently, we are not sure whether any hacker(s) had a hand in causing the leak.
Exactis Data Leaked Details Of 340 Million Americans
As disclosed by Wired on Wednesday, marketing firm Exactis exposed a huge chunk of records from its database online. Reportedly, approximately 340 million records from Exactis was leaked on publicly accessible servers. Security researcher, Vinny Troia, discovered the data containing personal information of the users.
According to Vinny Troia, the data included the details of about 230 million American individual users. Whereas, the remaining 110 million records were business data. It is yet unknown how long the data has been available on that public server. The leaked details include names, contact addresses, contact numbers, email addresses, and other personally identifiable information. However, it luckily has no financial details.
Vinny Troia is an independent security researcher and the owner of his cybersecurity firm ‘Night Lion Security’. While talking about the incident to Wired, he said,
“It seems like this is a database with pretty much every US citizen in it. I don’t know where the data is coming from, but it is one of the most comprehensive collections I have ever seen.”
Though it’s yet unknown if the data is in the hands of hackers, Troia says that finding this data online is way easier than one might expect. He himself stumbled upon this chunk as he was scraping ElasticSearch using ‘Shodan’. According to him, anybody using such scanning software can easily trace such databases.
Exactis Preferred To Stay Quiet
After discovering the data, Vinny Troia informed Exactis and FBI about his discovery. Since then, Exactis has most probably protected the data as it’s no more accessible. However, the firm has given no official statements about the incident.
Yet, several other security analysts have expressed their thoughts regarding the matter.
“The sheer amount of cloud databases left accessible on the internet is astounding, especially when one considers the type and amount of data that users store on it without giving it a second thought,”
says John Robinson, security strategist at Cofense Inc.
Likewise, Marc Rotenberg, Executive Director at the EPIC comments,
“The likelihood of financial fraud is not that great, but the possibility of impersonation or profiling is certainly there.”
As we haven’t heard anything from Exactis regarding the incident, it is yet unknown how did such a large piece of data was leaked publicly, whether it was accidentally placed there by Exactis, or was the result of a hack. Likewise, we aren’t sure if more of such data is available on any other servers. Yet, from what we know by now, the incident appears somewhat similar to the MyHeritage data breach that exposed 92 million records on external servers.
