Nearly every consumer fears having their identity stolen. As the Mercury News has confirmed, a new leak is likely to have exposed more people than a previous Equifax breach, which exposed the information of 150 million Americans.
Exactis is called a “Florida-based marketing and data-aggregation firm,” and detailed information has been leaked from them regarding “individual adults and businesses.” There were 340 million records stored on a public server, which any novice knows is not secure.
Wired Magazine first told of the nightmare which exposed information such as “phone numbers, home addresses, email addresses, and personal characteristics for every name.” Connected from there was information branching to “interests and habits, plus the number, age, and gender of the person’s children.”
Children’s data is often sought because not only are they very easy to sell things to (by making them nag the parent), but they can be molded to think a certain way for life if groomed early enough, just ask the education system.
Additional leaked information included what kind of pet a person owns, what religion they profess, and even whether or not they smoke.
“Malicious intent” has not so far been proven, so this isn’t yet as bad as the Equifax leak, but who is to say how this could end? With 340 million people at risk, it is a bit worrisome to just hope for the best.
Still, Exactis stock was down as of Thursday morning. They claim “to have data on 218 million individuals, including 110 million U.S. households,” as well as “3.5 billion ‘consumer, business, and digital records.'”
Vinny Troia is the security researcher who found and reported the leak to Exactis. He had looked up “40 or 50 names” and each one came up for him. While the company has since re-secured the data, this is like bolting the barn door after the horses are running wild.
“I searched celebrities, I searched people I know,” the tech expert added. “It seems like this is a database with pretty much every U.S. citizen in it.” Troia, founder of New York’s security company “Night Lion Security” said that some of the data was outdated but “I don’t know where the data is coming from, but it’s one of the most comprehensive collections I’ve ever seen.”
Just let that sink in. He said, “pretty much every U.S. citizen.” This data was, in many cases, demanded from people in order for life to get done and business to take place, yet this is the outcome. This was never supposed to the be way to handle private information.
Troia was interested in the security of ElasticSearch, “a popular type of database that’s designed to be easily queried over the internet using just the command line.” To his horror, he found the site unprotected and he told the F.B.I. about it.
“General financial” information was leaked out, though social securities numbers are thought not to have been. Just the same, if the right person has enough “general financial” information, they can become virtually anyone, at least long enough to buy some items and hide.
“When I looked myself up, I found the name of my mortgage lender, the value class of my home and whether or not I had certain kind of credit card,” Troia confessed.
This is what the annoying phrases “e-commerce” and “e-business solutions” have reaped for everybody. Massive databases exist all over the great aether that has everyone’s information all but flashed in neon balloon letters for anyone who can pass a basic hacking test.
By then, of course, it is too late.