Originally Posted by mcafee.com
There are data breaches, and then there are data breaches. For example, who could forget the Equifax data breach, which compromised the personal information of over half of the citizens of the United States? And now, a breach of similar magnitude has emerged, as a security researcher has discovered that marketing firm Exactis' database was sitting on a publicly accessible server.
Originally Posted by haveibeenpwned.com
In June 2018, the marketing firm Exactis inadvertently publicly leaked 340 million records of personal data. Security researcher Vinny Troia of Night Lion Security discovered the leak contained multiple terabytes of personal information spread across hundreds of separate fields including addresses, phone numbers, family structures and extensive profiling data. The data was collected as part of Exactis' service as a "compiler and aggregator of premium business & consumer data" which they then sell for profiling and marketing purposes. A small subset of the exposed fields were provided to Have I Been Pwned and contained 132 million unique email addresses.
Compromised data: Credit status information, Dates of birth, Education levels, Email addresses, Ethnicities, Family structure, Financial investments, Genders, Home ownership statuses, Income levels, IP addresses, Marital statuses, Names, Net worths, Occupations, Personal interests, Phone numbers, Physical addresses, Religions, Spoken languages
Originally Posted by marketwatch.com
Exactis gets information on users through cookies, small packets of data sent out by a website when a user visits it and stored in that user's data, according to Mark Weinstein, privacy expert and founder of social media site MeWe. These files help the website keep track of the user's movement within the site. When cookies are collected across different websites, it helps create a larger picture of a user's browsing habits. This tracking has gotten more extreme and detailed in recent years, he said.
"As cookies track everything we do around the web, they sync together, pinging each other and sharing the data they have on you and requesting the sites you visit to do the same," he said. "Today's cookies can link your mobile phone to your laptop, to your home monitoring devices, and much, much more. Creepy? Scary? Orwellian? Yes, yes, yes! So imagine that Exactis, like Facebook et.al, knows everything about you — really."
I wanted to post this because every time internet privacy/security gets discussed on BITOG, there are at least a couple naysayers or contrarians who come in with "I have nothing to hide", et cetera. Well, here we are: a tech company with 10 employees... who no one has ever heard of... who none of us have ever contracted with... has built comprehensive profiles on all of us, based on our internet browsing history... then they stored the database unencrypted... and they LOST THE DATABASE.
FTC - Credit Freeze FAQs
There are data breaches, and then there are data breaches. For example, who could forget the Equifax data breach, which compromised the personal information of over half of the citizens of the United States? And now, a breach of similar magnitude has emerged, as a security researcher has discovered that marketing firm Exactis' database was sitting on a publicly accessible server.
Originally Posted by haveibeenpwned.com
In June 2018, the marketing firm Exactis inadvertently publicly leaked 340 million records of personal data. Security researcher Vinny Troia of Night Lion Security discovered the leak contained multiple terabytes of personal information spread across hundreds of separate fields including addresses, phone numbers, family structures and extensive profiling data. The data was collected as part of Exactis' service as a "compiler and aggregator of premium business & consumer data" which they then sell for profiling and marketing purposes. A small subset of the exposed fields were provided to Have I Been Pwned and contained 132 million unique email addresses.
Compromised data: Credit status information, Dates of birth, Education levels, Email addresses, Ethnicities, Family structure, Financial investments, Genders, Home ownership statuses, Income levels, IP addresses, Marital statuses, Names, Net worths, Occupations, Personal interests, Phone numbers, Physical addresses, Religions, Spoken languages
Originally Posted by marketwatch.com
Exactis gets information on users through cookies, small packets of data sent out by a website when a user visits it and stored in that user's data, according to Mark Weinstein, privacy expert and founder of social media site MeWe. These files help the website keep track of the user's movement within the site. When cookies are collected across different websites, it helps create a larger picture of a user's browsing habits. This tracking has gotten more extreme and detailed in recent years, he said.
"As cookies track everything we do around the web, they sync together, pinging each other and sharing the data they have on you and requesting the sites you visit to do the same," he said. "Today's cookies can link your mobile phone to your laptop, to your home monitoring devices, and much, much more. Creepy? Scary? Orwellian? Yes, yes, yes! So imagine that Exactis, like Facebook et.al, knows everything about you — really."
I wanted to post this because every time internet privacy/security gets discussed on BITOG, there are at least a couple naysayers or contrarians who come in with "I have nothing to hide", et cetera. Well, here we are: a tech company with 10 employees... who no one has ever heard of... who none of us have ever contracted with... has built comprehensive profiles on all of us, based on our internet browsing history... then they stored the database unencrypted... and they LOST THE DATABASE.
FTC - Credit Freeze FAQs