Published June 28, 2018. The database leak of Florida-based marketing and data aggregation firm Exactis has been disclosed to the public. Exactis focuses on the mass collection and trading of data in order to provide highly accurate and targeted advertisements to its audience. This is considered to be one of the biggest breaches of all time, affecting over 340 million records, with over sixty percent of them relating to consumers and the rest to businesses.
The vulnerable information was discovered by a security researcher who observed Exactis’ database visible on a publicly accessible server, unguarded by perimeter devices. It is unknown if this data had been acquired by other parties prior to the disclosure, but Exactis has reported that the data is no longer publicly accessible.
The information available from this exposure could allow malicious actors to improve the success of their social engineering attacks due to the highly personal nature of the data exposed. Some of the leaked data includes: age, gender, phone numbers, email addresses, home address, religious preferences, clothing size, gender of children and other information classifying behavioral data, lifestyle interests and more. At this time, no financial information or Social Security numbers have been leaked.
Proficio Threat Intelligence Recommendations:
- The exposed information allows for more accurate social engineering attacks. If an email looks suspicious or is from an unknown entity, it is advised to delete the email immediately. Do not click on links shown within the email.
- Ensure sensitive company-owned data is not publicly accessible.
Sources: McAfee, Wired