[Download]

Marketing Firm Leaked Database With 340 Million Records

And now there's also a good chance that whatever information the company has about you, it recently leaked onto the public internet, available to any hacker who simply knew where to look.

Earlier this month, security researcher Vinny Troia discovered that Exactis, a data broker based in Palm Coast, Florida, had exposed a database that contained close to 340 million individual records on a publicly accessible server. The haul comprises close to 2 terabytes of data that appears to include personal information on hundreds of millions of American adults, as well as millions of businesses.While the precise number of individuals included in the data isn't clearand the leak doesn't seem to contain credit card information or Social Security numbersit does go into minute detail for each individual listed, including phone numbers, home addresses, email addresses, and other highly personal characteristics for every name.

"It seems like this is a database with pretty much every US citizen in it," says Troia, who is the founder of his own New York-based security company, Night Lion Security.

And when WIRED asked him to find records for a list of 10 specific people in the database, he very quickly found six of them.

While it's far from clear if any criminal or malicious hackers have accessed the database, Troia says it would have been easy enough for them to find. Troia himself spotted the database while using the search tool Shodan, which allows researchers to scan for all manner of internet-connected devices.He says he'd been curious about the security of ElasticSearch, a popular type of database that's designed to be easily queried over the internet using just the command line.

"If you have a profile on someone, that person should be able to see their profile and limit its use," Rotenberg says.

Original article
Author: Wired

Wired has recently written 10 articles on similar topics including :
  1. "Alex Stamos' Stanford-based project will try to persuade tech firms to offer academics access to massive troves of user data". (July 25, 2019)
  2. "Facebook has spent much of 2018 apologizing to people. A recent New York Times investigation calls all those apologies into question". (December 20, 2018)
  3. "On Wednesday, Mark Zuckerberg laid out a vision for a very different Facebook—with a lot of unknowns about how to get there". (March 7, 2019)
  4. "Opinion: Kids today have an online presence starting at birth, which raises a host of legal and ethical concerns. We desperately need a new data protection framework". (July 7, 2019)
  5. "The social network kept hundreds of millions of user passwords unscrambled, and employees could search them". (March 21, 2019)
  6. "Opinion: Utah legislators recently voted to pass landmark legislation in support of a new privacy law. Statehouses across the country should take notes". (March 22, 2019)
  7. "Mark Zuckerberg is laying out a vision of Facebook’s privacy-focused future. But what about its business model?". (March 6, 2019)
  8. "Ad trackers are out of control. Use a browser that reins them in". (June 16, 2019)
  9. "Prosecutors in New York reportedly are investigating the company's sharing agreements with other firms, which may have exposed personal information without user consent". (March 14, 2019)
  10. "An exposed database belonging to Verifications.io contained both personal and business information, including 763 million unique email addresses". (March 7, 2019)
Posted on  , , ,