Internet security researcher Vinny Trola recently made a huge and disturbing discovery. A marketing firm called Exactis had left a massive database unsecured, allowing anyone who stumbled across it to access it.
As a marketing firm, Exactis collects simply mind-boggling amounts of data on consumers all over the globe.
The database in question was a staggering two terabytes in size, and contained more than 150 data fields. Social security numbers were not included in the exposed data.
A variety of personal identification was available, including:
- Name
- Political affiliation
- Bank account details (including balances)
- Information on other financial accounts, including stock holdings
- Political affiliation
- Donations to political causes
- The number of children living in the person’s home
- The ages of those children
In short, it’s more than enough personally identifiable information to make it a casual exercise for a determined hacker to link it back to a person’s social security number. Even if they didn’t want to jump through the hoops to do that, there’s still enough information in the massive data file that it could open the door to all manners of phishing and other scams.
Trola informed Exactis about the exposed database, and the company immediately took steps to secure it. However, it was sitting there completely unguarded and unsecured for more than two months, and there’s no telling how many people may have accessed the data inappropriately.
Exactis has no formal relationship with any of the people they collect data on, so they’re under no obligation to and are unlikely to inform the people in the database that their personal information was exposed. Given that, your best bet is to assume that you were mentioned in the database, and be on the alert for phishing and other scams in the months ahead.
