Data Breach Friday: Still recovering from the Equifax data breach? Not sure how some company that you had never heard about before was keeping a check on your finances? Well, you have more worries to add to that list of questions because there is another company storing data on hundreds of millions of Americans, and storing it on a publicly accessible server…
Exactis, a Florida-based marketing and data aggregation firm, managed to expose a database carrying over 340 million records containing highly personal information. According to security researchers, 2 terabytes of data was exposed, including information such as:
- Phone number
- Home address
- Email address
- Number, age and gender of your children
- Your interests and habits
- If you have pets
- If you wear plus-size apparel
- If you read books
- And nearly 400 other similar and very detailed data points on every person
“It seems like this is a database with pretty much every US citizen in it,” security researcher Vinny Troia of Night Lion Security told Wired. “I don’t know where the data is coming from, but it’s one of the most comprehensive collections I’ve ever seen.”
Troia says that he has found everyone he has looked up in these records.
While credit card information and Social Security Numbers don’t appear to have been leaked, the depth of information collected about each person is worrying, to say the least.
The era of data mining companies like Exactis promising “laser-like precision” and the obvious dangers of data exploitation
Facebook came under fire earlier this year for enabling data brokers to have a little too much fun. However, these data mining companies usually operate legally, and their business model is supported by advertisers and by businesses themselves, who get to target users more accurately. Exactis also openly flaunts having access to millions and millions of people’s data (possibly without any of them knowing about it).
This reliance on data aggregator firms has ended up creating an online space where users continue to share more and more about their lives, and businesses, small and large, continue to hire firms that enable them to target these users.
But having no boundaries, regulations, or privacy expectations has started to result in some massive headaches for users. From phishing to scams to financial fraud, it has become increasingly easy for criminals to also take a big piece of the pie in this industry.
Server secured but what about user data?
After Troia contacted Exactis and the FBI about this massive data breach, the company protected the database and it’s no longer accessible. However, it remains unclear if any hackers or criminals managed to get access to it during the time it was exposed. Like many previous breaches, this one was also found using Shodan, which enables researchers (and others) to scan for internet-connected devices.
The Exactis data breach follows other unprecedented data breaches, including Yahoo’s, which affected all of its 3 billion accounts (but didn’t have such detailed information on each account), and Equifax’s, which affected over 147 million people’s financial and personal data.
While this story of an openly data-obsessed company is right out of 1984, it is highly unlikely that Exactis fears any kind of retribution. As reported earlier this evening, Equifax managed to go free without getting any financial penalties despite leaking Social Security Numbers and other personal details of over 147 million Americans. These examples only set a dangerous precedent for other companies to continue not only hoarding user data but also storing it without much caution.
This article was originally published on June 28, 2018 by Rafia Shaikh at https://wccftech.com/340-million-americans-data-breach/