A new data leak could hit hundreds of millions of Americans, perhaps more than the nearly 150 million affected by the Equifax breach.
Exactis, a Florida-based marketing and data aggregation company, has leaked detailed information about individual adults and companies, says a security researcher. While the exact number of people affected is unknown, the leak covered about 340 million records on a publicly accessible server.
Wired was the first to report that the information discovered included phone numbers, residential addresses, e-mail addresses and personal characteristics for each name, such as interests and habits as well as number , Age and sex of the person's children. Other types of information found: Religion, whether a person smokes and type of pet.
There's no evidence that someone with malicious intent actually got the Exactis data. This sets him apart from the Equifax hack, which was a cyberattack on the company's data.
Read about the new Californian privacy law.
On the website of Exactis ̵
1; which was inaccessible from the year 2000 Thursday morning – data from 218 million people, including 110 million US households, and 3.5 billion "consumer, business and digital records ".
Vinny Troia, the security researcher who discovered the leak and reported Exactis – who he claims has been protecting the data since then – told this Thursday publication that he was looking for about 40 or 50 names and all he was after searched, came up. "I was looking for celebrities, I was looking for people I know," he said.
"It seems like this is a database with just about every US citizen," said Troy, who is also the founder of New York's security firm Night Lion Security, Wired, who also asked Troia to look up names in the database and the To confirm authenticity of some of the information, although some of it was outdated. "I do not know where the data came from, but it's one of the largest collections I've ever seen."
Troia told Wired he was curious about the safety of ElasticSearch, which describes the magazine as "a popular type of database that can easily be queried over the Internet with the command line." As he did a search in the database , he found the Exactis database, which was not protected. He said he also told the FBI about his findings.
If the Exactis numbers are correct, this leak would become one of the biggest breaches of data security, and last year's Equifax violation and Facebook number outnumber users affected by the Cambridge Analytica privacy scandal Facebook was up to 87 million
(CLICK HERE if you can not see this photo gallery on your mobile device.)
Richard F. Smith, former Chairman and CEO of Equifax, attends a hearing before the Digital Commerce and Consumer Protection Subcommittee of the House Commerce Committee on Capitol Hill, Tuesday, October 3, 2017, in Washington. (AP Photo / Carolyn Kaster)
This July 21, 2012, file photo shows signs at the corporate headquarters of Equifax Inc. in Atlanta. On Wednesday, March 28, 2018, Equifax announced that Mark Begor will become CEO as the credit reporting firm continues to seek to recover from the consequences of a massive data breach. (19659018)
The gallery continues in seconds
This Tuesday, September 12, 2017, file photo, the new iPhone X will be shown in the showroom after the product announcement at the Steve Jobs Theater on Apple's new campus in Apple, California. USA Apple fans who froze their credit after the Equifax data breach could face further trouble when trying to buy one of the new iPhones that can cost more than $ 1,000. People who have done that and want to make a big purchase may find the same thing. (AP Photo / Marcio Jose Sanchez, file)
Richard Smith, former Chief Executive Officer of Equifax, Inc., arrives at the Senate Trade Committee on Capitol Hill in Washington on Wednesday, November 8, 2017, during a hearing on " Protecting consumers in the age of data breaches "after the 2013 data breach at Yahoo! that was 3 billion user accounts and another at the beginning of this year at Equifax, which reached about 145 million. (19659023) Paulino do Rego Barros, Jr., left, Interim's Chief Executive Officer of Equifax, Inc., sits with Richard Smith, Center, former Chief Executive Officer of Equifax, Inc., and former Yahoo! Chief Executive Officer Marissa Mayer, right, speaks at the Senate Trade Committee on Capitol Hill in Washington on Wednesday, November 8, 2017, during a hearing on "consumer protection in the age of data breaches," according to 2013 data breach at Yahoo! that involved 3 billion user accounts. (19659014) Paulino do Rego Barros, Jr., left, Interim Chief Executive Officer of Equifax, Inc., sits with Richard Smith, center, former Chief Executive Officer of Equifax, Inc. and former Yahoo! Chief Executive Officer Marissa Mayer, right, speaks at the Senate Trade Committee on Capitol Hill in Washington on Wednesday, November 8, 2017, during a hearing on "consumer protection in the age of data breaches," according to 2013 data breach at Yahoo! that involved 3 billion user accounts. (AP Photo / Susan Walsh)
In this September 24, 2010, the National Cyber Security & Communications Integration Center (NCCIC) is preparing Cyber Storm III training at its operations center in Arlington, Virginia. It will be several more years before the government installs high-tech systems that can detect and block computer intrusions. This gives hackers more time to figure out how to break networks and steal sensitive data. The weaknesses in government computer security have been exposed with the release of WikiLeaks. (AP Photo / J. Scott Applewhite, file)
Paulino do Rego Barros, Jr., provisional Chief Executive Officer of Equifax, Inc., testifies before the Senate Trade Committee on Capitol Hill in Washington on Wednesday, November 8, 2017, during A hearing on "Protecting consumers in the age of data breaches" following Yahoo's data protection breach at Yahoo! that was 3 billion user accounts and another at the beginning of this year at Equifax, which reached about 145 million. (AP Photo / Susan Walsh)
This file photo from November 18, 2009 shows credit and debit cards. Apple fans, who have frozen their credit after the Equifax data breach, might be in for more trouble with their purchases of one of the new iPhones, which can cost more than $ 1,000. People who have done that and want to make a big purchase may find the same thing. (Photo: Martin Meissner, File)
In this photo on June 30, 2011, Aaron Titus, Chief Privacy Officer and Vice President Business Development, works at Identity Finder, an Internet company that develops software to find and protect sensitive office information in New York. Electronic records can cut costs, reduce bureaucracy and ultimately save lives. But at a time when computer hacking threats are becoming more common, the risks of data breaches are very important. (AP Photo / Bebeto Matthews)
The information leaked from Exactis did not include any social security numbers like the Equifax breach. But it contained some general financial information, Troia said Thursday.
"When I looked at myself, I found my mortgage lender's name, my home's value class, and whether or not I had some sort of credit card," Troia said.
Marc Rotenberg, executive director of the not-for-profit Electronic Privacy Information Center, told Wired that information leaked from Exactis could be used to embody others.
Exactis did not return a request for comment. The company's customers include media, financial services and e-commerce companies that support targeted marketing campaigns, according to Crunchbase.