Internet security researcher Vinny Troia recently made a huge and disturbing discovery. A marketing firm called Exactis had left a massive database unsecured, allowing anyone who stumbled across it to access it.
As a marketing firm, Exactis collects simply mind-boggling amounts of data on consumers all over the globe.
The database in question was a staggering two terabytes in size, and contained more than 150 data fields. Social security numbers were not included in the exposed data.
A variety of personal information was exposed, including:
Bank account details (including balances)
Information on other financial accounts, including stock holdings
Donations to political causes
The number of children living in the person’s home
The ages of those children
In short, it’s more than enough personally identifiable information to make it a casual exercise for a determined hacker to link it back to a person’s social security number. Even if they didn’t want to jump through the hoops to do that, there’s still enough information in the massive data file that it could open the door to all manner of phishing and other scams.
Troia informed Exactis about the exposed database, and the company immediately took steps to secure it. However, it was sitting there completely unguarded and unsecured for more than two months, and there’s no telling how many people may have accessed the data inappropriately.
Exactis has no formal relationship with any of the people they collect data on, so they’re under no obligation to inform the people in the database that their personal information was exposed, and are unlikely to do so. Given that, your best bet is to assume that you were mentioned in the database, and be on the alert for phishing and other scams in the months ahead.