Exactis Leak Exposed Data on Millions
You may or may not know about the Exactis leak discovered last month, but chances are it involves you. At the end of June, a security researcher named Vinny Troia found that the data broker Exactis left over 300 million records exposed online. While it did not reveal payment data or social security numbers, the type and amount of data may surprise you.
What data did Exactis leak?
Exactis is a data broker— this means that they collect records on people to sell to other businesses for marketing. So as a data broker, Exactis had a lot of detailed information on a lot of people. Their database listed things like addresses, emails, and other contact info tied to names.
But the database also leaked more detailed data. It had many specifics on people, such as religion, gender of children, and even if a person preferred cats or dogs. The database also showed individual interests, covering varied things like scuba diving or clothing.
What makes the Exactis leak useful to criminals?
Although this leak doesn’t show any especially sensitive data like SSNs, this data is still useful to criminals. Cyber criminals often use data like this to target specific individuals. Armed with these details, crooks could build campaigns meant to fool their target, or make a phony story more believable. It is especially helpful for things like fraud.
Criminals also may find it helpful on cracking passwords. Many people create passwords based on things they enjoy or that relate to them in some way. So this data could prove useful in these situations. And on websites using “Knowledge Based Questions” to verify identity, the Exactis leak may be very handy for forcing password resets.
Did cyber criminals steal the data?
Much like the Panera Bread leak earlier this year, we simply do not know. All we know for certain is that Exactis left the database open and free for anyone to look through. We do not know how long it was open, but after Troia contacted both the FBI and Exactis, they did finally secure it.
What can I do about this?
Since it is unclear exactly who’s data Exactis exposed, the best thing to do is stay vigilant. Exactis claims to have records of over 100 million American households, so this very likely includes you. Be watchful for any scams that try to use personal data, and continue to regularly monitor your accounts. This would also be a great time to review your passwords and consider changing them if they are too simple.
Although we are not sure who all this leak affects, it’s a good reason to start improving your cyber security practices. Start making the little changes today, and work towards bigger goals. Need help improving or planning cyber security in your business? Astria is ready to help. Don’t let things like the Exactis leak catch you off guard— Contact us today for the best in Cyber Security!