
Hitherto unknown marketing firm exposed hundreds of millions of Americans’ data

by Graham Cluley on June 28, 2018

It’s been discovered that a marketing company left almost two terabytes of sensitive data exposed on the internet for anybody to access.


And what was inside that massive haul of data? The detailed personal information of 230 million consumers and 110 million business contacts – including phone numbers, addresses, dates of birth, estimated income, number of children, age and gender of children, education level, credit rating, interests and more.

In short, “pretty much every U.S. citizen” is included in the database.

As Wired describes, the level of detail exposed in the data breach is extraordinary:

“Each record contains entries that go far beyond contact information and public records to include more than 400 variables on a vast range of specific characteristics: whether the person smokes, their religion, whether they have dogs or cats, and interests as varied as scuba diving and plus-size apparel.”

The only saving grace is that the leak does not appear to have included any credit card data or Social Security Numbers. That’s obviously a relief, but there are still clear opportunities for criminals to exploit the information if they managed to get their claws on it.

The company that left itself exposed is Florida-based Exactis, a marketing and data aggregation firm that you almost certainly never heard of before the story made headlines courtesy of security researcher Vinny Troia.

As Troia tells Wired, he found the data when combing through the internet for publicly accessible servers running Elasticsearch databases. The Exactis database was not protected by a firewall.

In other words, it was easy for Troia to collect the information.

Thankfully, Troia is one of the good guys – and he informed Exactis and the FBI about his discovery. As a result, the massive database is no longer accessible online.

But the (Read more...)

*** This is a Security Bloggers Network syndicated blog from The State of Security authored by Graham Cluley. Read the original post at: https://www.tripwire.com/state-of-security/security-data-protection/hitherto-unknown-marketing-firm-exposed-hundreds-of-millions-of-americans-data/
