Marketing Firm Exactis Leaks Personal Info of Almost Entire US

340 Million Individual Records

Exactis is not a company name many Americans are familiar with. However, judging by the size of the latest data leak discovered by security researchers, the company certainly knows many Americans. Exactis is a marketing data and aggregation firm based in Palm Coast, Florida.

Researcher Vinny Troia of Night Lion Security discovered earlier this month that Exactis’ database was exposed on a publicly accessible server. This database contains over 2 Terabytes of data, with close to 340 million individual records. Thankfully, it does not contain any Social Security or credit card information.

However, Exactis specializes in marketing data. So this database contains relevant information like names, phone numbers, home addresses, and email addresses.

Plus, each record contains entries that go far beyond contact information and public records: more than 400 variables on a vast range of specific characteristics. These include factors such as whether a person smokes, whether they are religious, or even if they have dogs or cats, and more.

Where exactly they get their information is unclear, which certainly makes the whole affair even scarier. “I don’t know where the data is coming from, but it’s one of the most comprehensive collections I’ve ever seen,” says Troia.

How Does Something Like This Happen?

It is the job of security researchers like Troia to find possible network vulnerabilities like these. However, in the case of Exactis, it was not exactly difficult to find. Their records were all publicly available and the database was not behind a firewall.

Troia reached out to both Exactis and the FBI about his discovery last week. The company has since protected the data, rendering it inaccessible. However, Troia states that it would be surprising if someone else had not already accessed the data prior to him finding it.

“I’m not the first person to think of scraping ElasticSearch servers,” he says, referring to the fact that all it took was using Shodan to search for all ElasticSearch databases visible on publicly accessible servers with American IP addresses.

How Can Criminals Use This Information?

Identity theft is thankfully not possible due to the absence of social security numbers or credit card data in the database. However, due to the minute details and behavioural characteristics in the data leak, scammers can use it for social engineering.

While this may not be as massive as Yahoo leaking the information of 3 billion user accounts, it is even bigger than the Equifax breach affecting 145 million Americans. Just like that Equifax breach, many users with compromised information are not even aware their information is in the database.

Ron Perillo
