Earlier this month, the renowned security researcher Vinny Troia announced that he discovered an unsecured database containing around 340 million individual records. According to Troia, the database included profiles of a few hundred million Americans belonging to Exactis, a Florida-based marketing and data-aggregation firm.
Troia told Wired that the catch contains about two terabytes of data that includes personal information of almost every American adult, along with millions of businesses.
While the database does not include credit-card numbers or Social Security information, it does include phone numbers, home addresses, email addresses and personal characteristics for every name, such as interests and personal habits, plus the number, age, and gender of the person’s children. Other types of information found: religion, whether a person smokes, kind of pet. Even though the millions of individual profiles did not include financial information, it was more than enough data to help scammers steal identities.
“It seems like this is a database with pretty much every US citizen in it,” said Troia, who is the founder of his own New York-based cyber security company, Night Lion Security.
If Troia’s numbers are remotely accurate, this leak could be one of the most significant data security breaches in several years, surpassing last year’s Equifax breach and the Facebook debacle with Cambridge Analytica.