Marketing Firm Leaked Database With 340 Million Records

And now there's also a good chance that whatever information the company has about you, it recently leaked onto the public internet, available to any hacker who simply knew where to look.

Earlier this month, security researcher Vinny Troia discovered that Exactis, a data broker based in Palm Coast, Florida, had exposed a database that contained close to 340 million individual records on a publicly accessible server. The haul comprises close to 2 terabytes of data that appears to include personal information on hundreds of millions of American adults, as well as millions of businesses.While the precise number of individuals included in the data isn't clearand the leak doesn't seem to contain credit card information or Social Security numbersit does go into minute detail for each individual listed, including phone numbers, home addresses, email addresses, and other highly personal characteristics for every name.

"It seems like this is a database with pretty much every US citizen in it," says Troia, who is the founder of his own New York-based security company, Night Lion Security.

And when WIRED asked him to find records for a list of 10 specific people in the database, he very quickly found six of them.

While it's far from clear if any criminal or malicious hackers have accessed the database, Troia says it would have been easy enough for them to find. Troia himself spotted the database while using the search tool Shodan, which allows researchers to scan for all manner of internet-connected devices.He says he'd been curious about the security of ElasticSearch, a popular type of database that's designed to be easily queried over the internet using just the command line.

"If you have a profile on someone, that person should be able to see their profile and limit its use," Rotenberg says.

Original article
Author: Wired

Wired has recently written 10 articles on similar topics including :
  1. "Facebook has spent much of 2018 apologizing to people. A recent New York Times investigation calls all those apologies into question". (December 20, 2018)
  2. "Opinion: Kids today have an online presence starting at birth, which raises a host of legal and ethical concerns. We desperately need a new data protection framework". (July 7, 2019)
  3. "The Central Asian country’s government has repeatedly threatened to monitor its citizens’ internet activities. Google and Mozilla aren’t having it". (August 21, 2019)
  4. "It’s not about keeping you safe from Facebook’s data-hoovering efforts. It’s about competing with other messaging platforms". (March 7, 2019)
  5. "Mark Zuckerberg is laying out a vision of Facebook’s privacy-focused future. But what about its business model?". (March 6, 2019)
  6. "Opinion: Utah legislators recently voted to pass landmark legislation in support of a new privacy law. Statehouses across the country should take notes". (March 22, 2019)
  7. "On Wednesday, Mark Zuckerberg laid out a vision for a very different Facebook—with a lot of unknowns about how to get there". (March 7, 2019)
  8. "An exposed database belonging to Verifications.io contained both personal and business information, including 763 million unique email addresses". (March 7, 2019)
  9. "Ad trackers are out of control. Use a browser that reins them in". (June 16, 2019)
  10. "Who needs the dark web? Researchers found 74 groups offering stolen credit cards and hacking tools by conducting simple Facebook searches". (April 5, 2019)
Posted on  , , ,