Exactis left the records of 340M people, businesses wide open for anyone to grab

Marketing and data aggregation firm Exactis kept a database of around 340 million individual records on a publicly accessible server, Wired reports. Discovered by security researcher Vinny Troia from Night Lion Security, the data dump measured around two terabytes (2TB) and contained the personal information of around 230 million adults in North America along with 110 million businesses. Fortunately, credit card and social security numbers were not discovered within the data. 

“It seems like this is a database with pretty much every U.S. citizen in it,” Troia said. “I don’t know where the data is coming from, but it’s one of the most comprehensive collections I’ve ever seen.” 

Troia could find just about everyone he knew in the data, and when he was asked to seek out 10 specific people, he quickly emerged with six. The data dump included simple information such as phone numbers, home addresses, and email addresses. But it also went into depth on each listed individual, spanning more than 400 variables. For instance, the data listed whether individuals smoke, if they own pets, their preferred religion, favorite hobbies, and loads more.

Troia came across the data dump while researching the security of Elasticsearch databases using the search tool Shodan. Because these databases can be queried over the internet using a command line, he scanned for publicly accessible Elasticsearch-based servers using North American IP addresses. The scan produced 7,000 results, one of which served up the unprotected Exactis data dump. 

Once he stumbled across the data dump and examined its contents, he contacted both the FBI and Exactis, the latter of which made the data inaccessible shortly after Troia’s notification. Still, anyone who performed an Elasticsearch scan prior to Troia likely discovered the Exactis data dump as well. 

So far there is no evidence of foul play, but the data could already be circulating on the dark web. There is supposedly enough information in the data to produce scam campaigns even though financial and social security data isn’t present. 

According to Exactis, the company plays host to 3.5 billion “consumer, business, and digital records.” Among that data are supposedly 110 million households in the U.S., 218 million individuals, 88 million records tying email addresses to postal addresses, and 112 million records with residential phone numbers.

“Data is the fuel that powers Exactis,” the company boasts. “Layer on hundreds of selects including demographic, geographic, lifestyle, interests, and behavioral data to target highly specific audiences with laser-like precision.” 

The Exactis data dump surpasses the data breach seen by Equifax in 2017, which saw the data of 145.5 million individuals stolen by hackers. The difference here is that hackers didn’t infiltrate Exactis’ network; rather, the company simply left data exposed on a publicly accessed server. The situation is similar to what happened in June 2017, when the details of 198 million American voters were left unsecured on a publicly accessed cloud server.

What makes this data exposure scary is that Exactis may have your data and you don’t even know it. Even more, that data was left exposed with the potential to be scooped up by scammers.

Kevin Parrish
Former Digital Trends Contributor
Kevin started taking PCs apart in the 90s when Quake was on the way and his PC lacked the required components. Since then…