Exactis, a little-known Florida-based marketing and data aggregation firm, has exposed the data of millions of American adults, as well as millions of businesses, in an alleged massive data leak.
The firm uploaded a database containing 340 million files to a publicly accessible server, Wired reported.
Earlier this month, security researcher Vinny Troia revealed that a database of nearly 2 terabytes was easily available on a publicly accessible server. The number of individuals who are victims of this massive breach is still unknown.
“It seems like this is a database with pretty much every US citizen in it,” Troia told Wired.
The database includes extremely personal information such as phone numbers, home addresses, email addresses, hobbies, and the number, age and gender of a person’s children. The big relief is that the leak doesn’t seem to contain credit card information or Social Security numbers.
“I don’t know where the data is coming from, but it’s one of the most comprehensive collections I’ve ever seen,” he says.
According to the researcher, he first spotted the database while using Shodan, a search tool that allows researchers to scan for all manner of internet-connected devices, to search for all publicly visible ElasticSearch databases with American IP addresses. The search returned about 7,000 results. He quickly found the Exactis database, as it was unprotected by any firewall.
“I’m not the first person to think of scraping ElasticSearch servers,” he says. “I’d be surprised if someone else didn’t already have this.”
Meanwhile, Exactis refused to comment on the leak; however, the company has taken down all the data in question.