
Marketing Firm Exactis Leaks Personal Info of Almost Entire US

340 Million Individual Records

Exactis is not a company name many Americans are familiar with. However, judging by the size of the latest data leak discovered by security researchers, they certainly know many Americans. Exactis is a marketing data and aggregation firm, based out of Palm Coast, Florida.

Researcher Vinny Troia of Night Lion Security discovered earlier this month that Exactis’ database was exposed on a publicly accessible server. This database contains over 2 Terabytes of data, with close to 340 million individual records. Thankfully, it does not contain any Social Security or credit card information.

However, Exactis specializes in marketing data. So this database contains relevant information like names, phone numbers, home addresses, and email addresses.

Plus, each record contains entries that go far beyond contact information and public records: more than 400 variables on a vast range of specific characteristics. These include factors such as whether a person smokes, whether they are religious, or even if they have dogs or cats, and more.

Where exactly they get their information is unclear, which certainly makes the whole affair even scarier. “I don’t know where the data is coming from, but it’s one of the most comprehensive collections I’ve ever seen,” says Troia.

How Does Something Like This Happen?

It is the job of security researchers like Troia to find possible network vulnerabilities like these. However, in the case of Exactis, it was not exactly difficult to find. Their records were all publicly available and the database was not behind a firewall.

Troia reached out to both Exactis and the FBI about his discovery last week. The company has since protected the data, rendering it inaccessible. However, Troia states that it would be surprising if someone else had not already accessed the data before he found it.

“I’m not the first person to think of scraping ElasticSearch servers,” he says, referring to the fact that all it took was using Shodan to search for all ElasticSearch databases visible on publicly accessible servers with American IP addresses.

How Can Criminals Use This Information?

Identity theft is thankfully not possible due to the absence of Social Security numbers or credit card data in the database. However, due to the minute details and behavioural characteristics in the data leak, scammers can use it for social engineering.

While this may not be as massive as Yahoo's leak of information on 3 billion user accounts, it is even bigger than the Equifax breach affecting 145 million Americans. Just like that Equifax breach, many users with compromised information are not even aware their information is in the database.

Ron Perillo
