[ad_1]
A new data leak could affect hundreds of millions of Americans, perhaps more than the nearly 150 million affected by the violation of Equifax
Exactis, a marketing and advertising firm. Data aggregation in Florida, has leaked detailed information. and businesses, said a security researcher. Although the exact number of people affected is not known, the leak involved about 340 million records on a public server.
Wired was the first to report that the information on display included phone numbers, personal and electronic addresses for each name, such as interests and habits, as well as the number, age and gender of children of the person. Other types of information were found: religion, the fact that a person smokes or the type of pet.
There is no evidence that anyone with malicious intent has obtained the Exactis data. This makes it different from the Equifax hacking, which was a cyber attack on the company's data.
On the Exactis website, the company claims to have data on 218 million people, including 110 million American homes, and 3.5 billion Vinny Troia, the security researcher who discovered the leak and the Reported to Exactis – which he says he has since protected the data – said Thursday that he was looking for about 40 or 50 names and all the ones he was looking for. for has come. "I've been looking for celebrities, I've been looking for people I know," he says. "It seems like it's a database with almost every US citizen," Troia, founder of New York-based security company Night Lion Security, told Wired, who also asked Troia to search for names in the database data and confirmed the authenticity of certain information, although some were out of date. "I do not know where the data comes from, but it's one of the most comprehensive collections I have ever seen."
Troia told Wired that he was curious about the security of ElasticSearch, which the magazine describes as "a popular type of database designed to be easily interrogated on the Internet for help from the command line. "When he performed a search in the database, he found the Exactis database, which was not protected.If the Exactis figures are accurate , the leak would make it one of the biggest data security flaws in a while, surpassing the Equifax breach of last year and the number of Facebook users affected by the Cambridge Analytica's privacy scandal, which, according to Facebook, reached 87 million.
The information disclosed by Exactis did not include social security numbers as it did the violation of. Equifax. "When I got up, I found the name of my mortgage lender, the clas worth of my house and whether or not I had some type of credit card, "says Troia. Troia said:
Marc Rotenberg, executive director of the nonprofit electronic privacy information center, told Wired that the information disclosed to Exactis could be used to impersonate the company's identity. 39; others.
Exactis did not return a request for comment. The company's clients include companies in the media, financial services and e-commerce sectors, which it helps with targeted marketing campaigns, according to Crunchbase.
Source link
