Exactis is not a company name many Americans are familiar with. However, judging by the size of the latest data leak discovered by security researchers, they certainly know many Americans. Exactis is a marketing data and aggregation firm, based out of Palm Coast, Florida.
Researcher Vinny Troia of Night Lion Security discovered earlier this month that Exactis’ database was exposed on a publicly accessible server. This database contains over 2 Terabytes of data, with close to 340 million individual records. Thankfully, it does not contain any Social Security or credit card information.
However, Exactis specializes in marketing data. So this database contains relevant information like names, phone numbers, home addresses, and email addresses.
Plus, each record even contains entries that go far beyond contact information and public records. This includes more than 400 variables on a vast range of specific characteristics. This includes factors such as as whether a person smokes, whether they are religious, or even if they have dogs or cats, and more.
Where exactly they get their information is unclear, which certainly makes the whole affair even scarier. “I don’t know where the data is coming from, but it’s one of the most comprehensive collections I’ve ever seen,” says Troia.
It is security researchers like Troia’s job to find possible network vulnerabilities like these. However, in the case of Exactis, it was not exactly difficult to find. Their records were all publicly available and the database was not behind a Firewall.
Troia reached out to both Exactis and the FBI about his discovery last week. So the company has since protected the data, rendering it inaccessible. However, Troia states that it is surprising if someone else didn’t already accessed the data prior to him finding it.
“I’m not the first person to think of scraping ElasticSearch servers,” he says. Referring to the fact that all it took was simply to use Shodan to search for all ElasticSearch databases visible on publicly accessible servers with American IP addresses.
Identity theft is thankfully not possible due to the absence of social security numbers or credit card data in the database. However, due to the minute details and behavioural characteristics in the data leak, scammers can use it for social engineering.
While this may not be as massive as Yahoo leaking 3 billion user account information, it is even bigger than the Equifax breach affecting 145 million Americans. Just like that Equifax breach, many users with compromised information are even aware their information is in the database.
I must admit I'm fairly new to One Piece, as my Son has been mad…
If you are a fan of rally driving and VR gaming? Then today is a…
AMD has released a new driver, and if you're eager to play or are already…
While I'm not familiar with the Bilibili streaming platform, it was the source of a…
As Computex 2024 approaches, the tech industry buzzes with anticipation for a series of high-profile…
MSI, a key player in the graphics card market, appears to be shifting its focus…