“Exactis might be fueled by data, but its recent blunder is a warning that any database without firewall protection is susceptible to leaks,” Katrina Filippidis reports for Engadget. “The data aggregation company recently exposed over 300 million personal records — statistically speaking, that’s enough to cover the entire US population.”
“The leak was first discovered by Vinny Troia, a security researcher and founder of Night Lion Security. On a routine investigation using Shodan — a search engine that allows users to identify internet-connected devices — he looked up databases on open servers, and eventually stumbled upon the Exactis database, which, rather curiously, lacked any kind of firewall,” Filippidis reports. “He found a 2TB data bank that stored nearly 340 million individual records, completely exposed to anyone acquainted well enough with cyber security.”
“Sensitive data including personal interests, home and email addresses, religious beliefs, smoking status, phone numbers, and even the number, age and sex of a family’s children — were all visible,” Filippidis reports. “Unlike Equifax, or the colossal Yahoo breach, there’s currently no evidence to suggest hackers obtained any of Exactis’ data and used it with malicious intent.”
Read more in the full article here.
“‘It seems like this is a database with pretty much every US citizen in it,’ says Troia, who is the founder of his own New York-based security company, Night Lion Security. Troia notes that almost every person he’s searched for in the database, he’s found,” Andy Greenberg reports for Wired. “And when WIRED asked him to find records for a list of 10 specific people in the database, he very quickly found six of them. ‘I don’t know where the data is coming from, but it’s one of the most comprehensive collections I’ve ever seen,’ he says.”
“Troia contacted both Exactis and the FBI about his discovery last week, and he says the company has since protected the data so that it’s no longer accessible,” Greenberg reports. “While the lack of financial information or Social Security numbers means the database isn’t a straightforward tool for identity theft, the depth of personal info nonetheless could help scammers with other forms of social engineering, says Marc Rotenberg, executive director of the nonprofit Electronic Privacy Information Center.”
Read more in the full article here.
MacDailyNews Take: Would that the levels of security and privacy that Apple delivers were matched by companies that are in possession of pretty much everything needed to steal someone’s identity and basically ruin their lives. All of the information that people like us choose Apple products in order to protect can be pissed away in one fell swoop by braindead outfits like Exactis. Looks like we could have used some random porous Windows PCs and Android phones for all that privacy and security matters to shit outfits like Exactis.
Guard your privacy as best you can, but, hey, keep sending your DNA to random companies to do with whatever they like, m’kay? (dripping sarcasm)