Your name, the gender of your kids, your interests, your religion and a lot of the things that make you… well YOU, have been exposed. In the last couple of years, the idea of one’s personal information being obtained by hackers has become more than familiar to the general public. If a website you use is compromised, you change your password. If your credit card was skimmed while filling up your car, you get a new card and contact your bank. One’s digital identity is constantly under attack and most of us have come to accept this. This kind of breach can be countered with identity monitoring, good password hygiene and general attentiveness to one’s activity online. The kind of data that the Florida-based marketing firm Exactis has left exposed, sourced from millions of Americans and businesses, is much more… intimate.
The data the firm put on the web with no protection includes 400 variables on each person, ranging from estimated income to how many kids that person has, the children’s ages and gender. This mishandling of highly sensitive personal information shows an extreme level of negligence on Exactis’ part, and serves as a reminder that there are many other data aggregation firms out there, silently collecting personal data on us all. The leaked information could be used by bad actors to execute highly effective spear phishing campaigns, to convincingly impersonate someone, or to find targets to hack for the maximum amount of profit. Identity monitoring is the only way to combat a leak of this magnitude and depth. You can’t change the things that are fundamental to your identity like you can change a password. With any luck, the researcher from Night Lion Security was the first person to stumble onto the exposed database, although that is unlikely. The number of records found online needs to be verified by Exactis, but if it is 230 million people’s personal information like researchers think it is, it would be one of the most severe breaches in years.
The process by which the firm was able to aggregate and house this much data is still not clear, but it appears to be a combination of public records, private businesses’ sales data, and credit card transaction data sold by banks. It is important to note that breaches of highly sensitive data from improperly secured databases and networks are not going to suddenly stop. The reality is that we will likely see more and more of these breaches within the coming months and years. It is also important to consider the ethical concerns regarding the collection of vast amounts of information on a person without their knowledge.
The disturbing truth is that the data Exactis left exposed would make breaching a company by using social engineering significantly easier. A call placed to the right person within an organization, using the right identity from a list of 230 million, creates the potential for severe damage to companies of all sizes.