Have not seen this diaried yet, and it is notable.
Exactis, a little-known data-hoovering marketing firm in Florida, left its massive database, containing quite granular details on dang near every adult in the US and millions of businesses, on an un-firewalled, internet-accessible server.
Cybersecurity researcher Vinny Troia, who found the database while experimenting with a search application, calls it “one of the most comprehensive collections I’ve ever seen.”
The leaked database is huge, bigger than last year’s Equifax data breach. Though the leaked database does not contain financial information, the amount of data collected for each profile (you) is eye-popping.
Aside from the sheer breadth of the Exactis leak, it may be even more remarkable for its depth: Each record contains entries that go far beyond contact information and public records to include more than 400 variables on a vast range of specific characteristics: whether the person smokes, their religion, whether they have dogs or cats, and interests as varied as scuba diving and plus-size apparel. WIRED independently analyzed a sample of the data Troia shared and confirmed its authenticity, though in some cases the information is outdated or inaccurate.
While the lack of financial information or Social Security numbers means the database isn't a straightforward tool for identity theft, the depth of personal info nonetheless could help scammers with other forms of social engineering, says Marc Rotenberg, executive director of the nonprofit Electronic Privacy Information Center.
"The likelihood of financial fraud is not that great, but the possibility of impersonation or profiling is certainly there," Rotenberg says. He notes that while some of the data is available in public records, much of it appears to be the sort of nonpublic information that data brokers aggregate from sources like magazine subscriptions, credit card transaction data sold by banks, and credit reports. "A lot of this information is now routinely gathered on American consumers," Rotenberg adds.
…
Troia contacted both Exactis and the FBI about his discovery last week, and he says the company has since protected the data so that it's no longer accessible. Exactis did not respond to multiple calls and emails from WIRED asking for comment on its data leak.
www.wired.com/...
I tried going to the Exactis site (.com), but it seems pretty busy. A partial list of the firm’s clients from Crunchbase:
Exactis.com's clients, primarily in the media, financial services and e-commerce industries, use Exactis.com precision e-mail solutions to communicate news and information, deliver event-triggered communications, and target and manage large-scale one-to-one e-mail marketing campaigns. Clients include Sony Music Entertainment Inc., Charles Schwab & Co. Inc., MSNBC Interactive News, First Union Corp., USATODAY.com, Tribune Media Services, The Economist and American Express.