
Image credit: Getty Images/Cultura RF

Data-broker leak exposes 340 million personal records

Phone numbers, home addresses and religious beliefs were publicly accessible.

Exactis might be fueled by data, but its recent blunder is a warning that any database without firewall protection is susceptible to leaks. The data aggregation company recently exposed over 300 million personal records -- statistically speaking, that's enough to cover the entire US population.

The leak was first discovered by Vinny Troia, a security researcher and founder of Night Lion Security. On a routine investigation using Shodan -- a search engine that allows users to identify internet-connected devices -- he looked up databases on open servers, and eventually stumbled upon the Exactis database, which, rather curiously, lacked any kind of firewall.

He found a 2TB data bank that stored nearly 340 million individual records, completely exposed to anyone acquainted well enough with cyber security.

While credit card and social security numbers weren't put in danger, sensitive data -- including personal interests, home and email addresses, religious beliefs, smoking status, phone numbers, and even the number, age and sex of a family's children -- was all visible. Troia told Wired that while most data was authentic, not every piece of it was up-to-date or verifiable. Unlike Equifax, or the colossal Yahoo breach, there's currently no evidence to suggest hackers obtained any of Exactis' data and used it with malicious intent.

Is there any cause for concern, then, if financial details weren't accessible? Mark Rotenberg says "certainly". Speaking with Wired, the president of the Electronic Privacy Information Center said there's still a chance fraudsters could have profiled and impersonated users. He also mentioned that most data gathered by information brokers (like Exactis) is actually retrieved from private outlets, including online subscriptions.

Exactis appears reluctant to offer any comments regarding the leak; however, the company has apparently shielded the data in question, so it's no longer available to the public. We've reached out via email for confirmation. The leak does prompt a couple of questions -- namely, why appropriate firewall protection wasn't included to begin with, and why consumers weren't informed their data was being collected.
