Security researcher Vinny Troia has discovered a database containing personal records of 340 million people on a publicly accessible server. The data belongs to Exactis, a Florida-based marketing company.
Troia discovered the database while using the Shodan search engine to find all Elasticsearch databases visible on publicly accessible servers with American IP addresses.
The exposed data contains personal information on each individual listed, including phone numbers, home addresses, email addresses and other highly personal characteristics for every name.
“The haul comprises close to 2 terabytes of data that appears to include personal information on hundreds of millions of American adults, as well as millions of businesses. While the precise number of individuals included in the data isn’t clear—and the leak doesn’t seem to contain credit card information or Social Security numbers—it does go into minute detail for each individual listed, including phone numbers, home addresses, email addresses, and other highly personal characteristics for every name. The categories range from interests and habits to the number, age, and gender of the person’s children,” according to the post published by Wired.
Troia discovered two versions of the Exactis database, one of which was added while he was observing the server.
Combined, the two versions contain around 340 million records (230 million records on consumers and 110 million on business contacts), making it the largest potential breach ever.
According to the Exactis website, the company possesses data on 218 million individuals, including 110 million US households, as well as a total of 3.5 billion consumer, business, and digital records.
The leaked data doesn’t contain any financial information or Social Security numbers. Troia informed both the FBI and Exactis about the breach, and the company immediately secured the database.
Last year, credit card reporting agency Equifax was hacked, and the personal details of 143 million Americans were stolen.