Monday 10th December 2018

US marketing firm leaks database comprising hundreds of millions of records

The leak comprises 340 million publicly accessible records on individuals and business contacts.
Jason Smith
by on 28th June 2018

A little known US marketing firm, Exactis, has leaked a database containing records on hundreds of millions of American citizens, according to a report in Wired.

The database comprises personal data including names, email addresses and home addresses.

While it doesn’t contain payment details, the database is so exacting it has information on peoples’ interests and habits, e.g. whether they smoke, the recreational activities they engage in, etc.,  as well as the gender and age of their children,

Overall, it comprises 2 terabytes worth of data and 340 million records.

The security expert who discovered the database, Vinny Troia, founder of Night Lion Security, told Wired that it looks as though the database contains records on every individual in the U.S.

While it’s unclear whether the database has been accessed by malicious actors, Troia claims it would have been relatively easy for them to find it.

Exactis implemented protective measures after the security expert got in touch to inform them the database was publicly accessible to anyone who queried for databases on the servers of ElasticSearch, which is an open-source, enterprise-grade search engine.

While the database contains 340 million records, 110 million of these are for business contacts and 230 million are for individuals. Troia also found a second database uploaded by Exactis which also contains 340 million records.

Troia contacted the FBI to notify them about the security incident.

On its about page, Exactis claims to have “3.5 billion consumer, business and digital records.” On its “our data” page it also claims to have 218 million records on individuals.