Published: Sun, July 01, 2018
Business | By Eloise Houston

Exactis Data Leak Covers Almost All Americans, Email Addresses Included 06/28/2018

The database is not reported to include credit card information or Social Security numbers.

According to MarketWatch, Exactis, the Florida-based marketing and data company allegedly responsible for the situation, may have exposed almost two terabytes of personal data.

"It seems like this is a database with pretty much every United States citizen in it", said Troia, who is the founder of New York-based security company Night Lion Security. Exactis has since protected the data, and it is unclear how long it sat exposed online.

If the claims about the volume of the Exactis breach are correct, this would make it larger than the 2017 Equifax breach of data on 145.5 million people, but smaller than Yahoo's breach last year of 3 billion accounts, Wired reported, adding that the difference was that individuals in the Exactis breach were unaware they were even in the database.

As well as the massive scope of the leak, the database went into astonishing detail about the lives of the people it covered. That's how many personal records of Americans may have been exposed after a Florida marketing company allegedly kept that information on a public server. About 230 million records are of US adults, while the remaining 110 million are of US business contacts.

Wired reported that Exactis secured the databases after Troia revealed the problem, which should mean it can't be accessed by anyone else.

"Because of that, we have absolutely no control over how to keep it safe from hackers when certain companies decide not to apply a standard level of care or certain safeguards to that information", said Amy Keller of DiCello Levitt, who is also co-lead counsel in the Equifax data breach case with colleague Adam Levitt.

But he says the personal data in the Exactis database would still be useful for spam or fraud. He found the database by searching for ElasticSearch servers using the search tool Shodan.

The technique Troia used to find the database was pretty simple, involving a widely used piece of software for scanning the Internet for such things, and he reckons others may easily have found the information already. "I can't say one way or the other whether or not they seemed surprised".

On its website, Exactis said it maintained 3.5 billion consumer, business and digital records, including "demographic, geographic, firmographic, lifestyle, interests, CPG, automotive, and behavioral data".

"By analyzing the empirical evidence in your customer database, Exactis can identify the most descriptive traits and segments of your ideal customer, and use that information to understand behaviors, target unique segments, even determine the mix of products or services that are most effectively marketed together", it claims. Speaking with Wired, the president of the Electronic Privacy Information Center said there's still a chance fraudsters could have profiled and impersonated users.
