Exactis left the records of 340M people, businesses wide open for anyone to grab

Marketing and data aggregation firm Exactis kept a database of around 340 million individual records on a publicly accessible server, Wired reports. Discovered by security researcher Vinny Troia from Night Lion Security, the data dump measured around two terabytes (2TB) and contained the personal information of around 230 million adults in North America along with 110 million businesses. Fortunately, credit card and social security numbers were not discovered within the data. 

“It seems like this is a database with pretty much every U.S. citizen in it,” Troia said. “I don’t know where the data is coming from, but it’s one of the most comprehensive collections I’ve ever seen.” 

Troia could find just about everyone he knew in the data, and when he was asked to seek out 10 specific people, he quickly emerged with six. The data dump included simple information such as phone numbers, home addresses, and email addresses. But it also dug deep into each listed individual spanning more than 400 variables. For instance, the data listed whether individuals smoke, if they own pets, their preferred religion, favorite hobbies, and loads more. 

Troia came across the data dump while researching the security of Elasticsearch databases using the search tool Shodan. Because these databases can be queried over the internet using a command line, he scanned for publicly accessible Elasticsearch-based servers using North American IP addresses. The scan produced 7,000 results, one of which served up the unprotected Exactis data dump. 

Once he stumbled across the data dump and examined its contents, he contacted both the FBI and Exactis, the latter of which made the data inaccessible shortly after Troia’s notification. Still, anyone who performed an Elasticsearch scan prior to Troia likely discovered the Exactis data dump as well. 

So far there is no evidence of foul play, but the data could already be circulating on the dark web. There is supposedly enough information in the data to produce scam campaigns even though financial and social security data isn’t present. 

According to Exactis, the company plays host to 3.5 billion “consumer, business, and digital records.” Among that data is supposedly 110 million households in the U.S., 218 million individuals, 88 million records tying email addresses to postal addresses, and 112 million records with residential phone numbers. 

“Data is the fuel that powers Exactis,” the company boasts. “Layer on hundreds of selects including demographic, geographic, lifestyle, interests, and behavioral data to target highly specific audiences with laser-like precision.” 

The Exactis data dump surpasses the data breach seen by Equifax in 2017, which saw the data of 145.5 million individuals stolen by hackers. The difference here is that hackers didn’t infiltrate Exactis’ network, but rather the company simply left data exposed on a publicly accessed server. The situation is similar to what happened in June 2017 where the details of 198 million American voters were left unsecured on a publicly accessed cloud server. 

What makes this data exposure scary is that Exactis may have your data and you don’t even know it. Even more, that data was left exposed with the potential to be scooped up by scammers.


If your data is found on the dark web, Firefox Monitor will let you know

Firefox is finally launching its Firefox Monitor service and you don't have to use the Firefox browser to access it. Monitor scans the dark web to see if your email address has been leaked as part of a past data breach.

Qualcomm accuses Apple of stealing secrets and giving them to Intel

Apple is following the FTC's lead and has sued Qualcomm for a massive $1 billion in the U.S., $145 million in China, and also in the U.K., claiming the company charged onerous royalties for its patented tech.
Emerging Tech

A Japanese spacecraft just landed two rovers on an asteroid

Japan's space agency has succeeded in landing two rovers on the surface of an asteroid around 200 million miles from Earth. The deployment is part of a bold mission aimed at unlocking some of the mysteries of our solar system.
Movies & TV

How much!? Harrison Ford’s Indiana Jones hat fetches $520,000 at auction

Described by the auctioneer as "a globally recognized cinematic treasure," the fedora worn by Harrison Ford in Raiders of the Lost Ark has just gone under the hammer for more than half a million bucks.

What to expect from Microsoft’s October 2 Surface event

The October 2 Surface event is just around the corner. Let's take a look at everything Microsoft could unveil at the event, including major announcement for new Surface products, unique accessories, and long-sought Windows 10 features.

MacOS Mojave has landed. Here are the five best features of the update

Apple's new version of MacOS is finally here and can be installed on your Mac today. Why should you upgrade? Well, there's a lot more to the update than just Dark Mode. Here are the five features you need to know about.

MacOS Mojave launches on September 24. Here's what we like about it so far

Mojave is the latest version of MacOS, and it's out now. Chock-full of quality-of-life upgrades, we took it for a test drive to get a sneak peek at what you can expect from the next major update to MacOS.

How to enable dark mode in MacOS Mojave

Learn how to enable dark mode in MacOS Mojave! As Mac's latest update gears up to hit all Mac systems later this year, the public beta for Mojave is nearly open for you to test out the latest features. One of the most in-demand changes is…

Critical MacOS Mojave vulnerability bypasses system security

Security Researcher Patrick Wardle has discovered a critical MacOS Mojave security flaw that could potentially allow malicious applications to bypass Mac's system security controls.
Emerging Tech

Microsoft and Shell build A.I. into gas stations to help spot smokers

Shell and Microsoft have created a system for gas stations that can spot someone who's smoking or about to smoke. The platform uses multiple cameras, local computing power, and Microsoft's cloud intelligence system to do the job.

Chrome OS update could make switching to tablet mode far easier

Google is working on an update for Chrome OS that would make its browser-based operating system much easier to operate in tablet mode, even with the new, streamlined user interface.
Emerging Tech

Teaching machines to see illusions may help computer vision get smarter

Researchers are teaching computers to see optical illusions. The reason? To create smarter, more brain-like vision recognition algorithms for everything from robots to autonomous cars.

How many GPU video ports is too many? The Aorus RTX 2080 packs seven

Aorus' new RTX 2080 graphics card wants to turn up the new-generation GPUs to 11 with greater cooling, RGB lighting, and a whole host of video port options that give anyone more than they'll likely ever need.
Virtual Reality

Virtual reality breaks free as the HTC Wireless Adapter hits store shelves

Gamers can now break free from wires as the HTC Wireless Adapter hits store shelves, allowing HTC Vive users to connect their headsets wirelessly to their Windows PC without the need for cable tethers.