[Download]

Marketing Firm Leaked Database With 340 Million Records

And now there's also a good chance that whatever information the company has about you, it recently leaked onto the public internet, available to any hacker who simply knew where to look.

Earlier this month, security researcher Vinny Troia discovered that Exactis, a data broker based in Palm Coast, Florida, had exposed a database that contained close to 340 million individual records on a publicly accessible server. The haul comprises close to 2 terabytes of data that appears to include personal information on hundreds of millions of American adults, as well as millions of businesses.While the precise number of individuals included in the data isn't clearand the leak doesn't seem to contain credit card information or Social Security numbersit does go into minute detail for each individual listed, including phone numbers, home addresses, email addresses, and other highly personal characteristics for every name.

"It seems like this is a database with pretty much every US citizen in it," says Troia, who is the founder of his own New York-based security company, Night Lion Security.

And when WIRED asked him to find records for a list of 10 specific people in the database, he very quickly found six of them.

While it's far from clear if any criminal or malicious hackers have accessed the database, Troia says it would have been easy enough for them to find. Troia himself spotted the database while using the search tool Shodan, which allows researchers to scan for all manner of internet-connected devices.He says he'd been curious about the security of ElasticSearch, a popular type of database that's designed to be easily queried over the internet using just the command line.

"If you have a profile on someone, that person should be able to see their profile and limit its use," Rotenberg says.

Original article
Author: Wired

Wired has recently written 11 articles on similar topics including :
  1. "Who needs the dark web? Researchers found 74 groups offering stolen credit cards and hacking tools by conducting simple Facebook searches". (April 5, 2019)
  2. "Mark Zuckerberg is laying out a vision of Facebook’s privacy-focused future. But what about its business model?". (March 6, 2019)
  3. "Researchers last year found that many YouTube influencers don't disclose ties to affiliate marketing. A new browser extension will show you the hidden connections". (July 12, 2019)
  4. "The Facebook CEO chatted with WIRED's editor in chief about building a "privacy-focused" social network and the trade-offs he’ll need to make". (March 7, 2019)
  5. "Prosecutors in New York reportedly are investigating the company's sharing agreements with other firms, which may have exposed personal information without user consent". (March 14, 2019)
  6. "New research shows how nearby attackers can see where you are, send you spoofed carrier messages, and more". (February 26, 2019)
  7. "For the past four years, Facebook has quietly used a homegrown tool called Zoncolan to find bugs in its massive codebase". (August 17, 2019)
  8. "Opinion: Kids today have an online presence starting at birth, which raises a host of legal and ethical concerns. We desperately need a new data protection framework". (July 7, 2019)
  9. "An exposed database belonging to Verifications.io contained both personal and business information, including 763 million unique email addresses". (March 7, 2019)
  10. "Facebook has spent much of 2018 apologizing to people. A recent New York Times investigation calls all those apologies into question". (December 20, 2018)
  11. "On Wednesday, Mark Zuckerberg laid out a vision for a very different Facebook—with a lot of unknowns about how to get there". (March 7, 2019)
Posted on  , , ,