A marketing firm may be responsible for leaking 340 million data records, including information on 230 million Americans, this week.
In total, the two terabytes of data included personal information for hundreds of millions of American adults and millions of businesses, according to Wired.
Financial information and social security numbers were not included in the database, but it did store details on individuals, “including phone numbers, home addresses, email addresses, and other highly-personal characteristics. The categories range from interests and habits to the number, age, and gender of the person’s children,” according to Wired, which verified that the data was legitimate.
The data trove was discovered by a security researcher named Vinny Troia, according to Wired. Troia founded New York-based security company Night Lion Security. Troia found that a data broker based in Palm Coast, Fla., called Exactis stored a database, which was published on a publicly accessible server, completely open to anyone who knew how to find it, the report said.
It’s unknown how long the database was exposed, Troia told PCMag.
There’s no word just yet on whether Exactis will face legal repercussions, but Troia contacted the company and the FBI when he found the database, and the company responded by locking it out so no further users could access it, Wired said.
The official Exactis website says it is “a leading compiler and aggregator of premium business and consumer data with over 3.5 billion records.” Exactis says it provides the information to marketing partners and its 400 different points of data include “demographic, geographic, lifestyle, interests, automotive, behavioral,” and more.
Market Watch reported that Exactis collects data on people through cookies (data stored by internet browsers), which can track just about everything a user is doing on the internet and communicate it to other sites, users and devices. The company was founded in 2015 and has offices in California, Florida and New York, according to the Exactis LinkedIn profile.
What’s more, the amount of data on those publicly accessible servers is larger than what was made public in the Yahoo or Equifax leaks. Equifax leaked information on about 147.9 million Americans and Yahoo exposed data on 500 million account users, which, though a larger number, only included limited information.