Exactis left the records of 340M people, businesses wide open for anyone to grab

Marketing and data aggregation firm Exactis kept a database of around 340 million individual records on a publicly accessible server, Wired reports. Discovered by security researcher Vinny Troia from Night Lion Security, the data dump measured around two terabytes (2TB) and contained the personal information of around 230 million adults in North America along with 110 million businesses. Fortunately, credit card and social security numbers were not discovered within the data. 

“It seems like this is a database with pretty much every U.S. citizen in it,” Troia said. “I don’t know where the data is coming from, but it’s one of the most comprehensive collections I’ve ever seen.” 

Troia could find just about everyone he knew in the data, and when he was asked to seek out 10 specific people, he quickly emerged with six. The data dump included simple information such as phone numbers, home addresses, and email addresses. But it also profiled each listed individual in depth, spanning more than 400 variables. For instance, the data listed whether individuals smoke, if they own pets, their preferred religion, favorite hobbies, and loads more.

Troia came across the data dump while researching the security of Elasticsearch databases using the search tool Shodan. Because these databases can be queried over the internet using a command line, he scanned for publicly accessible Elasticsearch-based servers using North American IP addresses. The scan produced 7,000 results, one of which served up the unprotected Exactis data dump. 

Once he stumbled across the data dump and examined its contents, he contacted both the FBI and Exactis, the latter of which made the data inaccessible shortly after Troia’s notification. Still, anyone who performed an Elasticsearch scan prior to Troia likely discovered the Exactis data dump as well. 

So far there is no evidence of foul play, but the data could already be circulating on the dark web. There is supposedly enough information in the data to produce scam campaigns even though financial and social security data aren’t present.

According to Exactis, the company plays host to 3.5 billion “consumer, business, and digital records.” Among that data are supposedly 110 million households in the U.S., 218 million individuals, 88 million records tying email addresses to postal addresses, and 112 million records with residential phone numbers.

“Data is the fuel that powers Exactis,” the company boasts. “Layer on hundreds of selects including demographic, geographic, lifestyle, interests, and behavioral data to target highly specific audiences with laser-like precision.” 

The Exactis data dump surpasses the Equifax data breach of 2017, in which hackers stole the data of 145.5 million individuals. The difference here is that hackers didn’t infiltrate Exactis’ network; the company simply left data exposed on a publicly accessible server. The situation is similar to what happened in June 2017, when the details of 198 million American voters were left unsecured on a publicly accessible cloud server.

What makes this data exposure scary is that Exactis may have your data and you don’t even know it. Even more, that data was left exposed with the potential to be scooped up by scammers.

