A new data leak could hit hundreds of millions of Americans, perhaps more than the nearly 150 million affected by the Equifax breach.
Exactis, a Florida-based marketing and data aggregation company, has leaked detailed information about individual adults and companies, a security researcher said. While the exact number of people affected is unknown, the leak covered about 340 million records on a publicly accessible server.
Wired first reported that the information disclosed included phone numbers, home addresses, e-mail addresses, and personal characteristics for each name, such as interests and habits, as well as the number, age, and gender of the person's children. Other types of information that were found were religion, whether a person smoked and the type of pet.
No evidence was found that someone with malicious intent received the data from Exactis. This sets him apart from the Equifax hack, which was a cyberattack on the company's data.
Exactis' website claims data from 21
Vinny Troia, the security researcher who discovered the leak and reported it to Exactis – what he said has been protecting the data ever since – said on Thursday he searched for about 40 or 50 names and searched all he searched for on. "I was looking for celebrities; I was looking for people I know, "he said.
" It seems like this is a database of just about every US citizen, "said Troia, founder of New York security firm Night Lion Security, to Wired asking Troia, Although some of them were outdated, "I do not know where the data came from, but it's one of the most comprehensive collections I've ever seen."
Troia told Wired That he was curious about the safety of ElasticSearch, which called the magazine "a popular type of database that can easily be queried via the command line over the Internet. "When he did a search in the database, he found the Exactis database, which was not protected, said he had reported the results to the FBI."
If the Exactis numbers are correct, the leak would become one The largest breaches of data security and last year's Equifax violation and the number of Facebook users affected exceed the Cambridge Analytica privacy scandal, which was up to 87 million according to Facebook
Exactis leaked information did not include any social security numbers such as but it contained some general financial information, said Troia.
"When I looked at myself, I found the name of my mortgage lender, the value class of my house, and whether or not I had some sort of credit," said Troia.
Marc Rotenberg, Managing Director of the non-profit Electronic Privacy Information Center, said Wired, the s the information provided by Exactis could be used to impersonate others.
Exactis did not return a request for comment. The company's customers include media, financial services and e-commerce companies, which, according to Crunchbase, help with targeted marketing campaigns.