A new data leak could affect almost every single American,ย perhaps more than Equifaxโs massive 2017 data breach of nearly 150 million individuals.
Earlier this month, the renowned security researcherย Vinny Troia announced that heย discoveredย an unsecured database containing around 340 million individual records. According to Troia, the database included profiles of a few hundred million Americans belonging to Exactis, a Florida-based marketing and data-aggregation firm.
Troia told Wired that the catch contains aboutย two terabytes of data that includes personal information of almost every American adult, along with millions of businesses.
While the database does not include credit-card numbers or Social Security information, it does include phone numbers, home addresses, email addresses and personal characteristics for every name, such as interests and personal habits, plus the number, age, and gender of the personโs children. Other types of information found: religion, whether a person smokes, kind of pet. Even though the millions of individual profiles did not include financial information, it was more than enough data to help scammers steal identities.
โIt seems like this is a database with pretty much every US citizen in it,โย said Troia, who is the founder of his own New York-based cyber security company, Night Lion Security.
Troia searched the database for about 40 or 50 names and โeverybody he searched for came up. I searched for celebrities; I searched for people I know.โ
WIRED then asked him to search for ten people, which he only found six of them. โI donโt know where the data is coming from, but itโs one of the most comprehensive collections Iโve ever seen,โ he stated.
Troia explained to Wired that he was able to access the database on the internet, and he warned that plenty of other people could have as well. Once the unsecured database was discovered, he contacted Exactis and the FBI about the vulnerability, and since, the database has disappeared from the public domain.
If Troiaโs numbers are remotely accurate, this leak could be one of the most significant data security breaches in several years, surpassing last yearโs Equifax breach and the Facebook debacle with Cambridge Analytica.
On the โAbout Usโ section on Exactisโ website, the company said it managed 3.5 billion consumer, business, and digital records including โdemographic, geographic, firmographic, lifestyle, interests, CPG, automotive, and behavioral data.โ
โWhen I looked myself up, I found the name of my mortgage lender, the value class of my home and whether or not I had certain kind of credit card,โย Troia added.
Marc Rotenberg, executive director of the nonprofit Electronic Privacy Information Center, told Wired that corporations are routinely data mining Americans, which the leak could be used to impersonate others.
โIf you have a profile on someone, that person should be able to see their profile and limit its use,โ Rotenberg said.
โItโs one thing to subscribe to a magazine. Itโs another for a single company to have such a detailed profile of your entire life.โ
Exactis refused to speak with Wired or any other media outlets,ย and it is still unclear whether hackers made off with the terabytes of raw data of almost every single American.
This article appeared at ZeroHedge.com at:ย ย https://www.zerohedge.com/news/2018-06-28/massive-data-leak-could-affect-300-million-americans