In June 2018, Wired reported that Exactis, a marketing and data-aggregation firm, leaked an estimated 340 million records in what is shaping up to be one of the largest data breaches in the United States to date.
The leak was discovered by Vinny Troia, security researcher and founder of Night Lion Security. Troia discovered Exactis’ leak while searching ElasticSearch, an internet database search engine. There he found Exactis’ database was accessible without any firewall protection. No information was provided concerning whether this leak has been accessed by unauthorized individuals.
Exactis’ website claims to have gathered data on over 218 million individuals. This included 110 million households across the U.S. and 3.5 billion “consumer, business, and digital records.” Troia searched dozens of names ranging from those of personal acquaintances to celebrities and found that almost every one of them existed in Exactis’ system.
The information that Exactis had gathered and stored included identifying information such as phone numbers, home addresses, and email addresses. It also included personal information such as religion, habits, and interests, as well as the number, age, and gender of the individual’s children.
While the information leaked did not include Social Security numbers and credit card information, the leak is significant because millions of persons were affected, and the personal information leaked could be used for nefarious purposes, including impersonation of the individuals whose information was released.