Exactis Data Breach

Originally Posted by mcafee.com
There are data breaches, and then there are data breaches. For example, who could forget the Equifax data breach, which compromised the personal information of over half of the citizens of the United States? And now, a breach of similar magnitude has emerged, as a security researcher has discovered that marketing firm Exactis' database was sitting on a publicly accessible server.

Originally Posted by haveibeenpwned.com
In June 2018, the marketing firm Exactis inadvertently publicly leaked 340 million records of personal data. Security researcher Vinny Troia of Night Lion Security discovered the leak contained multiple terabytes of personal information spread across hundreds of separate fields including addresses, phone numbers, family structures and extensive profiling data. The data was collected as part of Exactis' service as a "compiler and aggregator of premium business & consumer data" which they then sell for profiling and marketing purposes. A small subset of the exposed fields were provided to Have I Been Pwned and contained 132 million unique email addresses.

Compromised data: Credit status information, Dates of birth, Education levels, Email addresses, Ethnicities, Family structure, Financial investments, Genders, Home ownership statuses, Income levels, IP addresses, Marital statuses, Names, Net worths, Occupations, Personal interests, Phone numbers, Physical addresses, Religions, Spoken languages

Originally Posted by marketwatch.com
Exactis gets information on users through cookies, small packets of data sent out by a website when a user visits it and stored in that user's data, according to Mark Weinstein, privacy expert and founder of social media site MeWe. These files help the website keep track of the user's movement within the site. When cookies are collected across different websites, it helps create a larger picture of a user's browsing habits. This tracking has gotten more extreme and detailed in recent years, he said.

"As cookies track everything we do around the web, they sync together, pinging each other and sharing the data they have on you and requesting the sites you visit to do the same," he said. "Today's cookies can link your mobile phone to your laptop, to your home monitoring devices, and much, much more. Creepy? Scary? Orwellian? Yes, yes, yes! So imagine that Exactis, like Facebook et.al, knows everything about you — really."

I wanted to post this because every time internet privacy/security gets discussed on BITOG, there are at least a couple naysayers or contrarians who come in with "I have nothing to hide", et cetera. Well, here we are: a tech company with 10 employees... who no one has ever heard of... who none of us have ever contracted with... has built comprehensive profiles on all of us, based on our internet browsing history... then they stored the database unencrypted... and they LOST THE DATABASE.

FTC - Credit Freeze FAQs
 
These companies that mine our data then sell it for profit should absolutely be held responsible for mishandling it. I find it ridiculous when cases like the Equifax breach come about and they basically throw up their arms and say "oh well". I work for an IT company, and we are 100% responsible for the security of our customer data.
 
Originally Posted by jeepman3071
These companies that mine our data then sell it for profit should absolutely be held responsible for mishandling it. I find it ridiculous when cases like the Equifax breach come about and they basically throw up their arms and say "oh well". I work for an IT company, and we are 100% responsible for the security of our customer data.

And I believe the Federal Government just signed a huge contract with them after the data breach. Go figure.
 
Originally Posted by jeepman3071
These companies that mine our data then sell it for profit should absolutely be held responsible for mishandling it. I find it ridiculous when cases like the Equifax breach come about and they basically throw up their arms and say "oh well". I work for an IT company, and we are 100% responsible for the security of our customer data.


+1 strong laws with stiff penalties that protect citizens. ABSOLUTELY.
 
There is some alarmism in the articles. Now, with respect to cookies and privacy, I do clear cookies upon every browser exit, and use adblocks, and so forth. However, I'm not sure how cookies are going to allow a company to obtain my social insurance number, income, or family makeup.
 
Originally Posted by Garak
There is some alarmism in the articles. Now, with respect to cookies and privacy, I do clear cookies upon every browser exit, and use adblocks, and so forth. However, I'm not sure how cookies are going to allow a company to obtain my social insurance number, income, or family makeup.


I was wondering the same thing. Any website that I use that requires sensitive data input uses encryption software.

I didn't think cookies carried any vital information at all.
 
Umm, THEY HAVE ALL YOUR INTERNET BROWSING DATA. They know your income because they pay attention to whether you're shopping at Walmart vs Whole Foods. They know your family makeup because they see you buying diapers and baby formula, or buying back-to-school clothes for your kids, or researching retirement homes for your parents. The lost information compromises your identity because it enables social engineering attacks.
 
I'm just going to sit back, and giggle myself silly.
I have been working in the online ad serving, consumer data and marketing industries for the past 12+ years.
You guys are only scratching the surface of what's available to the industry about you, and your online and offline profiles.

Good luck to you if you think there's anything you can do, short of moving to Peru, and living completely off the grid in the mountains.

BC.
 