As reported by Wired, it was discovered earlier this month that the company exposed a database containing records for about 340 million individuals - both people and businesses - on an unprotected server, amounting to a whopping two terabytes of personal data. Unlike the Equifax breach or the colossal Yahoo breach, there is currently no evidence to suggest hackers obtained any of Exactis' data and used it with malicious intent.
"I don't know where the data is coming from, but it's one of the most comprehensive collections I've ever seen," Mr Troia told Wired. "I searched celebrities, I searched people I know," he said.
Troia notified both Exactis and the Federal Bureau of Investigation about the exposed data last week.
The official Exactis website says it is "a leading compiler and aggregator of premium business and consumer data with over 3.5 billion records". If the numbers on Exactis' website are correct, this could potentially be one of the largest data security breaches in some time, beating the Equifax breach of last year and the recent Cambridge Analytica scandal, which saw the private info of 87 million Facebook users allegedly left vulnerable.
Unfortunately for the marketing firm Exactis, this story has less to do with someone "breaching" and much more to do with poor security practices. He also mentioned that most data gathered by information brokers (like Exactis) is actually retrieved from private outlets, including online subscriptions.
The database was 2TB in size and contained plenty of identifiable information - luckily, credit card information and social security numbers were not revealed.
"The problem with most enterprises today," said Ruchika Mishra, Balbix director of products and solutions, "is that they don't have the foresight and visibility into the hundreds of attack vectors - be it misconfigurations, employees at risk of being phished, admin using credentials across personal and business accounts - that could be exploited."
The company's clients include companies in the media, financial services and e-commerce industries, which it helps with targeted marketing campaigns, according to Crunchbase.