A marketing firm has reportedly leaked detailed information on hundreds of millions of Americans online.
The company is called Exactis, and it’s one of the many shadowy operations that trade and collate people’s personal data so that ads can be accurately targeted at them. According to Wired, a security researcher called Vinny Troia found Exactis’s database sitting on a publicly accessible server.
The technique Troia used to find the database was pretty simple, involving a widely-used piece of software for scanning the Internet for such things, and he reckons others may have easily already found the information. Exactis has apparently since protected the database, though it may be too late.
So what’s in there? According to Wired, there were two versions of the database exposed online, each with around 340 million records—roughly two-thirds on consumers and the rest on businesses.
The information didn’t include credit card details or social security numbers, but it did include everything from email addresses, home addresses and phone numbers to details on religion, smoking habits, and pets.
Wired confirmed the authenticity of the data, though noted that it was in some cases out of date or inaccurate. Some of it seemed to be available in public records, but a lot of it appeared to come from things like magazine subscriptions and transaction records.
A leak of 230 million individuals’ data would outstrip Equifax’s epic 2017 breach, but not Yahoo’s 3-billion-people whopper.
Exactis had not responded to a request for comment at the time of writing.