Slashdot Mirror


Marketing Firm Exactis Leaked a Personal Info Database With 340 Million Records (wired.com)

You've probably never heard of the marketing and data aggregation firm Exactis. But it may well have heard of you. And now there's also a good chance that whatever information the company has about you, it recently leaked onto the public internet, available to any hacker who simply knew where to look. From a report: Earlier this month, security researcher Vinny Troia discovered that Exactis, a data broker based in Palm Coast, Florida, had exposed a database that contained close to 340 million individual records on a publicly accessible server. The haul comprises close to 2 terabytes of data that appears to include personal information on hundreds of millions of American adults, as well as millions of businesses. While the precise number of individuals included in the data isn't clear -- and the leak doesn't seem to contain credit card information or Social Security numbers -- it does go into minute detail for each individual listed, including phone numbers, home addresses, email addresses, and other highly personal characteristics for every name. The categories range from interests and habits to the number, age, and gender of the person's children.

"It seems like this is a database with pretty much every US citizen in it," says Troia, who is the founder of his own New York-based security company, Night Lion Security. Troia notes that almost every person he's searched for in the database, he's found. And when WIRED asked him to find records for a list of 10 specific people in the database, he very quickly found six of them. "I don't know where the data is coming from, but it's one of the most comprehensive collections I've ever seen," he says.

11 of 77 comments

  1. someone have a link to the torrent? by onepoint · · Score: 3, Interesting

    anyone?

    --
    if you see me, smile and say hello.
    1. Re:someone have a link to the torrent? by burningcpu · · Score: 2

      I'm still waiting for the interesting part.

  2. from their web site by ole_timer · · Score: 3, Informative

    Data is the fuel that powers Exactis. Warehousing over 3.5 billion consumer, business, and digital records, The Exactis Data Cloud provides knowledge and insight to hundreds of firms enabling them to achieve marketing success through the use of high quality data. The Exactis data cloud is one of the largest and most respected in the data marketing industry. It is constructed of hundreds of compiled and proprietary data sources, has over 400 different selects, and utilizes a triple verification process to guarantee accurate targeting. This includes demographic, geographic, firmographic, lifestyle, interests, CPG, automotive, and behavioral data.

    --
    nothing to see here - move along
    1. Re:from their web site by postbigbang · · Score: 3, Insightful

      Let's add them to the prison database, with a field called: InForLife.

      --
      ---- Teach Peace. It's Cheaper Than War.
    2. Re:from their web site by Killall+-9+Bash · · Score: 4, Funny

      Heat energy from the sun causes data in the Data Ocean to evaporate. This data rises into the internets. At high altitude, the internets is very cold, causing the data to coalesce into data breaches, which then fall from the sky in a constant stream.

      --
      "Prediction: within 10 years, Windows will be a Linux distribution." Me, 7-6-2016
  3. That's it, I'm calling it by theCat · · Score: 2, Interesting

    At this point, there have been so many "leaks" (whatever the fuck that means) of PI that we have reached a point where there simply is NO remaining PI for anyone older than 18 months old. It's all out there now. Everything about you is in the wild, including things you didn't know about yourself. Everyone now lives in a fishbowl. Get used to it.

    I have a modest proposal. To even the playing field (and to make hoarding PI no longer profitable) there ought to be a national database of all our PI that has an open API for anyone who wants to access it, at any time. Period. One and done. "Securing" PI would then be a form of theft, a felony. Anyone caught collecting and storing PI outside the public domain would be arrested for information crimes (espionage) and if convicted, thrown in prison.

    --
    =^..^= all your rodent are belong to us
    1. Re:That's it, I'm calling it by ole_timer · · Score: 2

      that's the point - we can only opt out on certain transactions - businesses have rights over consumers in US...congress needs to act...EU has it flipped - consumers come first

      --
      nothing to see here - move along
  4. This is what the GDPR was crafted for... by Anonymous Coward · · Score: 2, Interesting

    These are the companies that the GDPR was meant to go after. Companies nobody knows what they do, slurp tons of data, get hacked, and cause all kinds of trouble. If they have any Europeans on their rolls, people should send them the GDPR Letter From Hell.

    It would be nice if we saw similar protection laws here in the US.

  5. Re:Let's add them to the prison database by White+Yeti · · Score: 3, Funny

    I also had fleeting hope that Experian would be driven out of business. Oh well...

  6. Serial stalker by Bob+the+Super+Hamste · · Score: 2

    If I collected that much data on just a handful of random people I would be called a serial stalker and brought up on charges. Why doesn't the same thing happen to these companies?

    I also wonder, with all of these giant data brokers out there collecting this much data on everyone, why so many companies screw the pooch when trying to collect debts. For example, a couple of years back I had a case where a debt collector was trying to collect a student loan debt from me that was older than I am and the only match was on the first name.

    --
    Time to offend someone
    1. Re:Serial stalker by Aighearach · · Score: 2

      If I collected that much data on just a handful of random people I would be called a serial stalker and brought up on charges.

      No, you wouldn't.

      In stalking, the crime is about contacting the victim repeatedly after they've instructed you to stop. It is about unwanted contact, not about the collecting of data. If a stalker never made any contact, it would never become illegal.

      Generally when you tell people working with the sort of data in the story to stop contacting you, they do; the next time the company contacts you it is a different person calling.

      A key part of the stalking laws is that the victim would reasonably be afraid for their physical safety. That isn't the case in telemarketing, etc., or the mere storage of data.