Exactis Exposes 340 Million Records on US Consumers

If you’re a US citizen, your personal information — your phone number, home address, email address, even how many children you have — may have just become easily available to hackers in an alleged massive data leak of Exactis records.

Florida-based marketing and data aggregation firm Exactis exposed a database containing nearly 340 million individual records on a publicly accessible server, Wired reported. Earlier this month, security researcher Vinny Troia found that nearly 2 terabytes of data was exposed, which seems to include personal information on hundreds of millions of US adults and millions of businesses, the report said.

“It seems like this is a database with pretty much every US citizen in it,” Troia told Wired.

Exactis didn’t respond to a request for comment or confirmation.

The alleged breach reportedly exposed highly personal information, such as people’s phone numbers, home and email addresses, interests and the number, age, and gender of their children. Credit card information and Social Security numbers don’t appear to have been leaked. Troia told Wired that he doesn’t know where the data is coming from, “but it’s one of the most comprehensive collections I’ve ever seen.”

Because Exactis hasn’t confirmed the leak, and the data is reportedly no longer accessible, it’s hard to know exactly how many people are affected. But Troia found two versions of the database that each had around 340 million records, with roughly 230 million on consumers and 110 million on business contacts, according to Wired. Exactis says on its website that it has over 3.5 billion consumer, business, and digital records.

The data leak is noteworthy not only for its breadth but also for the depth of information the records have on people. Every record reportedly has entries that include more than 400 variables on characteristics like whether the person smokes, what their religion is and whether they have dogs or cats. But Wired noted that in some instances, the information is inaccurate or outdated.

Just because people’s financial information or Social Security numbers weren’t leaked doesn’t mean they’re not at risk for identity theft. The amount of personal information that was exposed could still help scammers impersonate or profile them.

Huge compromises to personal information have been making headlines in recent years. In 2017, Equifax was involved in a massive data breach of 145.5 million people’s data — Social Security numbers, names, birthdates, and addresses were stolen. And in October, Yahoo revealed that all 3 billion accounts were hacked in a 2013 breach.

 

Original Article Found Here