It’s been discovered that a marketing company left almost two terabytes of sensitive data exposed on the internet for anybody to access.
And what was inside that massive haul of data? The detailed personal information of 230 million consumers and 110 million business contacts – including phone numbers, addresses, dates of birth, estimated income, number of children, age and gender of children, education level, credit rating, interests and more.
In short, “pretty much every U.S. citizen” is included in the database.
As Wired describes, the level of detail exposed in the data breach is extraordinary:
“Each record contains entries that go far beyond contact information and public records to include more than 400 variables on a vast range of specific characteristics: whether the person smokes, their religion, whether they have dogs or cats, and interests as varied as scuba diving and plus-size apparel.”
The only saving grace is that the leak does not appear to have included any credit card data or Social Security Numbers. That’s obviously a relief, but there are still clear opportunities for criminals to exploit the information if they managed to get their claws on it.
The company that left itself exposed is Florida-based Exactis, a marketing and data aggregation firm that you had almost certainly never heard of before the story made headlines courtesy of security researcher Vinny Troia.
As Troia tells Wired, he found the data when combing through the internet for publicly accessible servers running Elasticsearch databases. The Exactis database was not protected by a firewall.
In other words, it was easy for Troia to collect the information.
Thankfully, Troia is one of the good guys – and he informed Exactis and the FBI about his discovery. As a result, the massive database is no longer accessible online.
But the
*** This is a Security Bloggers Network syndicated blog from The State of Security authored by Graham Cluley. Read the original post at: https://www.tripwire.com/state-of-security/security-data-protection/hitherto-unknown-marketing-firm-exposed-hundreds-of-millions-of-americans-data/