Marketing Firm Exactis suffering from Massive data Leak that exposed 340 Million Americans sensitive records Online which is estimated more the Equifax data breach that occurred a few months before.
Leaked data contains millions of peoples personal sensitive information phone number, home address, email address, even how many children have in leaked users data.
A security researcher Vinny Troia discovered that nearly 340 million individual American’s records on a publicly accessible server.
According to Wired Report, Exposed data nearly 2 terabytes of data that appears to include personal information on hundreds of millions of American adults, as well as millions of businesses.
Exposed data categories range from interests and habits to the number, age, and gender of the person’s children and it doesn’t contain credit card information or Social Security numbers.
“It seems like this is a database with pretty much every US citizen in it,” says Troia, who is the founder of his own New York-based security company, Night Lion Security.
The researcher said “I don’t know where the data is coming from, but it’s one of the most comprehensive collections I’ve ever seen,”
He was asked to find the 10 specific person data randomly and he finds the all 10 peoples data in very short time within the leaked data list.
Spotted The Exactis Massive Data in Shodan Search
Exposed data spotted while researcher using the search tool Shodan which is used to search the internet-connected devices.
Also Troia said, he would be curious about the security of ElasticSearch, a popular type of database that’s designed to be easily queried over the internet using just the command line.
So he used shodan search for all the publicly accessible ElasticSearch databases with American IP addresses and got around 7,000 results.
Later he found the Exactis database, unprotected by any firewall. also, he said, “I’m not the first person to think of scraping ElasticSearch servers,” he says. “I’d be surprised if someone else didn’t already have this.”
Apart from this, each record contains entries that go far beyond contact information and public records to include more than 400 variables.
Troia contacted both Exactis and the FBI about his discovery last week, and he says the company has since protected the data so that it’s no longer accessible. Exactis did not respond to multiple calls and emails from WIRED asking for comment on its data leak wired said.