A new data leak could hit hundreds of millions of Americans, perhaps more than the nearly 150 million affected by the Equifax breach.
Exactis, a Florida-based marketing and data aggregation company, has leaked detailed information about individual adults and companies, a security researcher said. While the exact number of people affected is unknown, the leak covered about 340 million records on a publicly accessible server.
Wired first reported that the information disclosed included phone numbers, home addresses, e-mail addresses, and personal characteristics for each name, such as interests and habits, as well as the number, age, and gender of the person's children. Other types of information found, including religion, whether a person smokes, and type of pet.
No evidence has emerged that someone with malicious intent received the data from Exactis. This sets him apart from the Equifax hack, which was a cyberattack on the company's data.
Exactis' website claims data from 21
Vinny Troia, the security researcher who discovered the leak and reported it to Exactis – what he said has been protecting the data ever since – said on Thursday he searched for about 40 or 50 names and searched all he searched for "I was looking for celebrities, I was looking for people I know," he said.
"It seems like this is a database of just about every US citizen," Troia, founder of New York-based security firm Night Lion Security said Wired, who also asked Troia to look up names in the database and confirm the authenticity of some of the information, although some of it was outdated. "I do not know where the data came from, but it's one of the most comprehensive collections I've ever had
Troia told Wired that he was curious about the safety of ElasticSearch, which called the magazine "a popular type of database that can be easily accessed via the command line over the Internet. "When he did a search in the database, he found the Exactis database, which was not protected, said he had reported the results to the FBI."
If the Exactis numbers are correct, the leak would become one The largest breaches of data security and last year's Equifax violation and the number of Facebook users affected exceed the Cambridge Analytica privacy scandal, which was up to 87 million according to Facebook
The information leaked from Exactis did not include any social security numbers such as but it contained some general financial information, said Troia.
"When I looked at myself, I found my mortgage lender's name, my home's value class, and whether or not I had some sort of credit card," Troia said :
Marc Rotenberg, Managing Director of the non-profit Electronic Privacy Information Center, said Wired that the information leaked by Exactis could be used to impersonate others.
Exactis did not return a request for comment. The company's customers include media, financial services and e-commerce companies, which, according to Crunchbase, support targeted marketing campaigns.