Data-broker leak exposes 340 million personal records

Phone numbers, home addresses and religious beliefs were publicly accessible.

Exactis might be fueled by data, but its recent blunder is a warning that any database without firewall protection is susceptible to leaks. The data aggregation company recently exposed over 300 million personal records -- statistically speaking, that's enough to cover the entire US population.

The leak was first discovered by Vinny Troia, a security researcher and founder of Night Lion Security. During a routine investigation using Shodan -- a search engine that allows users to identify internet-connected devices -- he looked up databases on open servers, and eventually stumbled upon the Exactis database, which, rather curiously, lacked any kind of firewall.

He found a 2TB database that stored nearly 340 million individual records, completely exposed to anyone with enough security know-how to find it.

While credit card and social security numbers weren't put in danger, sensitive data was visible, including personal interests, home and email addresses, religious beliefs, smoking status, phone numbers, and even the number, age and sex of a family's children. Troia told Wired that while most data was authentic, not every piece of it was up-to-date or verifiable. Unlike Equifax, or the colossal Yahoo breach, there's currently no evidence to suggest hackers obtained any of Exactis' data and used it with malicious intent.

Is there any cause for concern, then, if financial details weren't accessible? Mark Rotenberg says "certainly". Speaking with Wired, the president of the Electronic Privacy Information Center said there's still a chance fraudsters could have profiled and impersonated users. He also mentioned that most data gathered by information brokers (like Exactis) is actually retrieved from private outlets, including online subscriptions.

Exactis appears reluctant to offer any comments regarding the leak. However, the company has apparently shielded the data in question, so it's no longer available to the public. We've reached out via email for confirmation. The leak does prompt a couple of questions -- namely, why appropriate firewall protection wasn't in place to begin with, and why consumers weren't informed their data was being collected.
