Still recovering from the Equifax data breach? Not sure how some company that you had never heard about before was keeping a check on your finances? Well, you have more worries to add to that list of questions because there is another company storing data on hundreds of millions of Americans, and storing it on a publicly accessible server…
Exactis, a Florida-based marketing and data aggregation firm, managed to expose a database carrying over 340 million records containing highly personal information. According to security researchers, 2 terabytes of data were exposed, including information such as:
- Phone number
- Home address
- Email address
- Number, age and gender of your children
- Your interests and habits
- Religion
- If you have pets
- If you wear plus-size apparel
- If you read books
- And nearly 400 other similar and very detailed data points on every person
“It seems like this is a database with pretty much every US citizen in it,” security researcher Vinny Troia of Night Lion Security told Wired. “I don’t know where the data is coming from, but it’s one of the most comprehensive collections I’ve ever seen.”
Troia says that he has found everyone he has looked up in these records.
“I looked up a bunch of my friends and the data was all pretty accurate. This is more information that other people can use to create scams or do fraudulent activities.”
While credit card information and Social Security Numbers don’t appear to have been leaked, the depth of information collected about each person is worrying, to say the least.
The era of data mining companies like Exactis promising “laser-like precision” and the obvious dangers of data exploitation
Facebook came under fire earlier this year for enabling data brokers to have a little too much fun. However, these data mining companies usually operate legally and their business model is supported by advertisers and then businesses themselves who get to target users more accurately. Exactis also openly flaunts having access to millions and millions of people’s data (possibly without any of them knowing about it).
This reliance on data aggregator firms has ended up creating an online space where users continue to share more and more about their lives, and businesses, small and large, continue to hire firms that enable them to target these users.
But having no boundaries, regulations, or privacy expectations has started to result in some massive headaches for users. From phishing to scams to financial fraud, it has become increasingly easy for criminals to also take a big piece of this industry's pie.
“Data is the fuel that powers Exactis. Layer on hundreds of selects including demographic, geographic, lifestyle, interests, and behavioral data to target highly specific audiences with laser-like precision.
“Warehousing over 3.5 billion consumer, business, and digital records, The Exactis Data Cloud provides knowledge and insight to hundreds of firms enabling them to achieve marketing success through the use of high quality data.” (An excerpt from the Exactis website.)
Server secured but what about the data?
After Troia contacted Exactis and the FBI about this massive data breach, the company protected the database and it’s no longer accessible. However, it remains unclear whether any hackers or criminals managed to get access to it during the time it was exposed. Like many previous breaches, this one was also found using Shodan, which enables researchers to scan for internet-connected devices.
The Exactis data breach follows other unprecedented data breaches, including Yahoo's, which affected all of its 3 billion accounts (but didn’t involve such detailed information on each account), and Equifax's, which affected over 147 million people’s financial and personal data.
While this story of an openly data-obsessed company is right out of 1984, it is highly unlikely that Exactis fears any kind of retribution. As reported earlier, Equifax managed to go free without getting any financial fines despite leaking financial details of over 147 million Americans. These examples only set a dangerous precedent for other companies to continue not only hoarding user data but also storing it without much caution.