your personal info at large: again

Status
Not open for further replies.
Joined
Aug 12, 2011
Messages
4,111
Location
IL/GA ,USA
MarketWatch link
Originally Posted By: Market Watch:

A little-known Florida company may have exposed the personal data of nearly every American adult, according to a new report.

Wired reported Wednesday that Exactis, a Palm Coast, Fla.-based marketing and data-aggregation company, had exposed a database containing almost 2 terabytes of data, containing nearly 340 million individual records, on a public server. That included records of 230 million consumers and 110 million businesses.

“It seems like this is a database with pretty much every U.S. citizen in it,” security researcher Vinny Troia, who discovered the breach earlier this month, told Wired. “I don’t know where the data is coming from, but it’s one of the most comprehensive collections I’ve ever seen,” he said.
...
While the database apparently does not include credit-card numbers or Social Security numbers, it does include phone numbers, email and postal addresses as well as more than 400 personal characteristics, such as whether a person is a smoker, if they own a dog or cat, their religion and a multitude of personal interests. Even though no financial information was included, the breadth of personal data could make it possible to profile individuals or help scammers steal identities.


Isn't this the second case of a marketing company with too much data? (last one some years ago with a company being fed data from major banks?)
 
Time to put some teeth into enforcing incidents of lax handling of consumer data. Prison time. And not in some minimum security white collar resort, rather, (edit - mod) prison...

vid removed
 
Last edited by a moderator:
I agree. It not only these kinds of security breaches or screwups, its people putting too much of their own info out there without realizing it. There was a thread here a few months or whenever ago and people were slamming social media users giving out too much info, and one of the more well known users here was talking smack about how dumb people (other people, certainly not him...) are and how lose with their information. Using nothing more than this persons user name, what he did for a living (which he made plenty known here), the cars in his profile, and the city in his profile, I was able to track him to other forums, I found out his real name (someone had called him by his real first name in a thread), and googling his first name, occupation, and city I then found his whole name, which I was then able to find on the county auditor website where I got his address, how much he paid for his house, and his wifes name, which I then tracked to Facebook and had pictures of him and his family, and also his position at his current job and exactly where he works. and using that, found his email address and phone number. I was also able to use google maps and using street view I captured pictures of his house, which showed at least one of the cars in his profile parked in his driveway, so I knew I had the right person.

I was going to put all this info here on that thread and tell him maybe before calling the rest of the world so dumb, he might want to reconsider his own intelligence and how loose he had been with his own info, but I thought the better of it and figured I'd get banned, even though every single piece of information I had gotten easily, publically, fair and square, all of it easily retrieved using nothing more than the tidbits he himself had made known here and elsewhere.

I worked in repossessions for about 6 years so maybe I am more inquisitive or more up on how to find people using very little information, but I dont care how careful some people think they are, there are a LOT of resources available and even what little info you may think you have put out there, its downright easy to find people.

These big security breaches and mess-ups we hear about every now and then just makes it all worse.
 
We could also make data collecting and sharing (with "sister companies") illegal.
Originally Posted By: LoneRanger
Time to put some teeth into enforcing incidents of lax handling of consumer data. Prison time. And not in some minimum security white collar resort, rather, (edit - mod) prison...

vid removed
 
Originally Posted By: LoneRanger
Time to put some teeth into enforcing incidents of lax handling of consumer data. Prison time. And not in some minimum security white collar resort, rather, (edit - mod) prison...

vid removed




I agree 100%. I'm all for building thousands of prisons, or however many it takes, to keep all criminals in for the duration. Overcrowding should NEVER ever be a valid reason for releasing anyone early.
 
My question is why hasn’t anyone been blasted yet? Several of these have occurred yet nothing’s been done. And while I’m ranting, what really [censored] me off is experion losing all our data, then wanting you to join thier little ‘dark web” scam for your “protection”, when they are the root cause!
 
Originally Posted By: LoneRanger
Time to put some teeth into enforcing incidents of lax handling of consumer data. Prison time. And not in some minimum security white collar resort, rather, (edit - mod) prison...

vid removed



I agree...these people aren't going to self regulate, so give them the incentive either to
a) do a decent job of protecting the data
b) realise that the costs, including personal aren't worth the risk of collecting it.

Regarding information given out, I know that I can be identified pretty easily just from this forum...I accept that...it's my choice.

http://mobile.abc.net.au/news/2018-06-06...ection=business

but when all of industry is outsourcing harvesting of job applications, resumes, and placements, all sorts of extra details are released...stuff that you can't withhold while going through those processes.
 
Originally Posted By: quint
I agree. It not only these kinds of security breaches or screwups, its people putting too much of their own info out there without realizing it. There was a thread here a few months or whenever ago and people were slamming social media users giving out too much info, and one of the more well known users here was talking smack about how dumb people (other people, certainly not him...) are and how lose with their information. Using nothing more than this persons user name, what he did for a living (which he made plenty known here), the cars in his profile, and the city in his profile, I was able to track him to other forums, I found out his real name (someone had called him by his real first name in a thread), and googling his first name, occupation, and city I then found his whole name, which I was then able to find on the county auditor website where I got his address, how much he paid for his house, and his wifes name, which I then tracked to Facebook and had pictures of him and his family, and also his position at his current job and exactly where he works. and using that, found his email address and phone number. I was also able to use google maps and using street view I captured pictures of his house, which showed at least one of the cars in his profile parked in his driveway, so I knew I had the right person.

I was going to put all this info here on that thread and tell him maybe before calling the rest of the world so dumb, he might want to reconsider his own intelligence and how loose he had been with his own info, but I thought the better of it and figured I'd get banned, even though every single piece of information I had gotten easily, publically, fair and square, all of it easily retrieved using nothing more than the tidbits he himself had made known here and elsewhere.

I worked in repossessions for about 6 years so maybe I am more inquisitive or more up on how to find people using very little information, but I dont care how careful some people think they are, there are a LOT of resources available and even what little info you may think you have put out there, its downright easy to find people.

These big security breaches and mess-ups we hear about every now and then just makes it all worse.
Hope that wasn't me! I try not to put too much on FB, but the Mrs. puts stuff on there all the time. The fact I'm on LinkedIn probably doesn't help either.
 
The plot thickens... The CEO of Exactis worked for Equifax....

Also, it seems a lot of data has been gathered from internet data mining....

Originally Posted By: quint
I agree. It not only these kinds of security breaches or screwups, its people putting too much of their own info out there without realizing it. There was a thread here a few months or whenever ago and people were slamming social media users giving out too much info, and one of the more well known users here was talking smack about how dumb people (other people, certainly not him...) are and how lose with their information. Using nothing more than this persons user name, what he did for a living (which he made plenty known here), the cars in his profile, and the city in his profile, I was able to track him to other forums, I found out his real name (someone had called him by his real first name in a thread), and googling his first name, occupation, and city I then found his whole name, which I was then able to find on the county auditor website where I got his address, how much he paid for his house, and his wifes name, which I then tracked to Facebook and had pictures of him and his family, and also his position at his current job and exactly where he works. and using that, found his email address and phone number. I was also able to use google maps and using street view I captured pictures of his house, which showed at least one of the cars in his profile parked in his driveway, so I knew I had the right person.

I was going to put all this info here on that thread and tell him maybe before calling the rest of the world so dumb, he might want to reconsider his own intelligence and how loose he had been with his own info, but I thought the better of it and figured I'd get banned, even though every single piece of information I had gotten easily, publically, fair and square, all of it easily retrieved using nothing more than the tidbits he himself had made known here and elsewhere.

I worked in repossessions for about 6 years so maybe I am more inquisitive or more up on how to find people using very little information, but I dont care how careful some people think they are, there are a LOT of resources available and even what little info you may think you have put out there, its downright easy to find people.

These big security breaches and mess-ups we hear about every now and then just makes it all worse.
 
Originally Posted By: quint
I agree. It not only these kinds of security breaches or screwups, its people putting too much of their own info out there without realizing it.


Yes and no. There are plenty of people who put too much info on social media and are setting themselves up for trouble, but try buying anything online without a phone number, e-mail or credit card. It is impossible. The reality is this day in age you won't get very far with trying to buy everything anonymously with cash.

The problem is companies know this, and instead insist you agree to their terms to share/profit off your data knowing you don't have much of a choice. While I'm not thrilled that corporations are profiting off my shared data, the bigger issue is security, and how they are somehow not responsible for issues/losses caused by data breaches. I work in IT, and I'd be fired immediately and potentially sued if I did similar things.
 
Originally Posted By: LoneRanger
Time to put some teeth into enforcing incidents of lax handling of consumer data. Prison time. And not in some minimum security white collar resort, rather, (edit - mod) prison...

vid removed



The most effective legislation might be that which would require either a positive opt in or the right to opt out of any accumulation of PII by anyone anywhere. This is the approach the EU has taken.
The world worked just fine prior to the advent of the net and cheap IT hardware and software and the cheap and easy aggregation of PII that these tools allowed. It should be particularly galling that these aggregators sell this data while having no fundamental ownership rights to it.
As long as there is PII out there, it'll always be subject to compromise even if handled well.
There is always the likelihood of bent staffers providing this information however well the trove is protected from outside attack.
You can't sell, deal or compromise information that isn't there.
 
The data merchants will never be held accountable for breaches. They OWN the regulators. A few years ago I froze all 3 credit reports. When the Equifax data breach happened I got the standard letter that my info was compromised. I took the letter to my small town police department and filed a police report. The cops did not want to file a report ( lazy donut eaters ) but eventually did so. The report copies cost 5 bucks. I sent the police report to the 3 major credit bureaus. I now have a 7 year fraud warning on my credit report. My landline or cell must be called before granting credit.

For 10 bucks in copy fees and postage, I am as close to fraud proof as possible.
 
Politicians understand now know how to manipulate and mine this data. It will remain unregulated as too much to be gained. It has changed our political landscape. They won’t touch it.

This is not a statement about current events but at least the last 10 years.
 
Status
Not open for further replies.
Back
Top