A MEGA-BREACH that could have left 340 million individuals’ personal information exposed has been uncovered by a US security researcher.
According to Wired, the unprotected database belongs to Exactis, a marketing outreach company that helps businesses connect with customers through different channels.
The researcher behind the discovery is a data broker based in Palm Coast called Vinny Troia. He found that the huge database – that weights in at 2TB – contains the details of 340 million people, 230 million of which are everyday consumers, and 110 million business contacts.
It’s still unclear as to how long the database was exposed, but what the security experts do know that it was chock-full of sensitive information including names, addresses, phone numbers, dates of birth, estimated income, number of children, education level and even credit rating.
Troia said the database was organised in a way that would allow anyone accessing it to uncover interests of the people registered, such as who has a pet or who likes reading books.
“It seems like this is a database with pretty much every US citizen in it,” said Troia, who is the founder of New York-based security company Night Lion Security.
“I looked up a bunch of my friends and the data was all pretty accurate. This is more information that other people can use to create scams or do fraudulent activities.”
He added that while it’s difficult to tell if hackers had found the database before he did, it’s very possible.
“The server was kind of wide open,” Troia said. “If anybody was looking for it, they could’ve found it and grabbed the data.”
If the Exactis leak does include the amount of information that Troia claims, it would make it one of the largest in years, and even bigger than 2017’s Equifax breach of 145.5 million people’s data, although not quite on the level of the Yahoo hack last October which affected three billion accounts.
Exactis is yet to make a statement on the discovery. µ
Source : Inquirer