Exactis Data Breach

Joined
Dec 29, 2014
Messages
1,700
Location
'murica
Originally Posted by mcafee.com
There are data breaches, and then there are data breaches. For example, who could forget the Equifax data breach, which compromised the personal information of over half of the citizens of the United States? And now, a breach of similar magnitude has emerged, as a security researcher has discovered that marketing firm Exactis' database was sitting on a publicly accessible server.
Originally Posted by haveibeenpwned.com
In June 2018, the marketing firm Exactis inadvertently publicly leaked 340 million records of personal data. Security researcher Vinny Troia of Night Lion Security discovered the leak contained multiple terabytes of personal information spread across hundreds of separate fields including addresses, phone numbers, family structures and extensive profiling data. The data was collected as part of Exactis' service as a "compiler and aggregator of premium business & consumer data" which they then sell for profiling and marketing purposes. A small subset of the exposed fields were provided to Have I Been Pwned and contained 132 million unique email addresses.
Compromised data: Credit status information, Dates of birth, Education levels, Email addresses, Ethnicities, Family structure, Financial investments, Genders, Home ownership statuses, Income levels, IP addresses, Marital statuses, Names, Net worths, Occupations, Personal interests, Phone numbers, Physical addresses, Religions, Spoken languages
Originally Posted by marketwatch.com
Exactis gets information on users through cookies, small packets of data sent out by a website when a user visits it and stored in that user's data, according to Mark Weinstein, privacy expert and founder of social media site MeWe. These files help the website keep track of the user's movement within the site. When cookies are collected across different websites, it helps create a larger picture of a user's browsing habits. This tracking has gotten more extreme and detailed in recent years, he said. "As cookies track everything we do around the web, they sync together, pinging each other and sharing the data they have on you and requesting the sites you visit to do the same," he said. "Today's cookies can link your mobile phone to your laptop, to your home monitoring devices, and much, much more. Creepy? Scary? Orwellian? Yes, yes, yes! So imagine that Exactis, like Facebook et al., knows everything about you — really."
I wanted to post this because every time internet privacy/security gets discussed on BITOG, there are at least a couple naysayers or contrarians who come in with "I have nothing to hide", et cetera. Well, here we are: a tech company with 10 employees... who no one has ever heard of... who none of us have ever contracted with... has built comprehensive profiles on all of us, based on our internet browsing history... then they stored the database unencrypted... and they LOST THE DATABASE.
FTC - Credit Freeze FAQs
 
Joined
Apr 15, 2010
Messages
7,829
Location
Connecticut
These companies that mine our data then sell it for profit should absolutely be held responsible for mishandling it. I find it ridiculous when cases like the Equifax breach come about and they basically throw up their arms and say "oh well". I work for an IT company, and we are 100% responsible for the security of our customer data.
 
Joined
Jul 15, 2003
Messages
3,169
Location
MN
Originally Posted by jeepman3071
These companies that mine our data then sell it for profit should absolutely be held responsible for mishandling it. I find it ridiculous when cases like the Equifax breach come about and they basically throw up their arms and say "oh well". I work for an IT company, and we are 100% responsible for the security of our customer data.
And I believe the Federal Government just signed a huge contract with them after the data breach. Go figure.
 
Joined
Aug 21, 2008
Messages
25,069
Location
ON, Canada eh?
Originally Posted by jeepman3071
These companies that mine our data then sell it for profit should absolutely be held responsible for mishandling it. I find it ridiculous when cases like the Equifax breach come about and they basically throw up their arms and say "oh well". I work for an IT company, and we are 100% responsible for the security of our customer data.
+1 strong laws with stiff penalties that protect citizens. ABSOLUTELY.
 
Joined
Dec 5, 2009
Messages
28,089
Location
Regina, Saskatchewan, Canada
There is some alarmism in the articles. Now, with respect to cookies and privacy, I do clear cookies upon every browser exit, and use adblocks, and so forth. However, I'm not sure how cookies are going to allow a company to obtain my social insurance number, income, or family makeup.
 
Joined
Dec 31, 2016
Messages
10,108
Location
Waco, TX
Originally Posted by Garak
There is some alarmism in the articles. Now, with respect to cookies and privacy, I do clear cookies upon every browser exit, and use adblocks, and so forth. However, I'm not sure how cookies are going to allow a company to obtain my social insurance number, income, or family makeup.
I was wondering the same thing. Any website that I use that requires sensitive data input uses encryption software. I didn't think cookies carried any vital information at all.
 

Ethan1

Thread starter
Joined
Dec 29, 2014
Messages
1,700
Location
'murica
Umm, THEY HAVE ALL YOUR INTERNET BROWSING DATA. They know your income because they pay attention to whether you're shopping at Walmart vs Whole Foods. They know your family makeup because they see you buying diapers and baby formula, or buying back-to-school clothes for your kids, or researching retirement homes for your parents. The lost information compromises your identity because it enables social engineering attacks.
 
Joined
Feb 21, 2011
Messages
1,607
Location
Dacono, CO
I'm just going to sit back, and giggle myself silly. I have been working in the online ad serving, consumer data and marketing industries for the past 12+ years. You guys are only scratching the surface of what's available to the industry about you, and your online and offline profiles. Good luck to you if you think there's anything you can do, short of moving to Peru, and living completely off the grid in the mountains. BC.
 