340 Million Files Disclosed in Exactis Breach

June 30, 2018


One more main data breach has left approximately 340 million files disclosed by data collection company Exactis after information was abandoned on an openly accessible server. The 2 terabytes’ worth of data seems to contain the private details of the people registered, including telephone numbers, home addresses, electronic mail addresses and other extremely private individualities for every name. 

The kind of private information that was possibly undermined must be pertaining to consumers, given the huge volume of information that is gathered, merged together and contained in databases like the one that was disclosed by Exactis, said Anurag Kahol, Bitglass CTO.

“Showing that volume of data to the open internet is a major crime by the business and one that we’ve seen lots of times in the previous year, however, it is doubtful that we’ll see anything alter unless businesses take the initiative in safeguarding company data,” Kahol said.

News of the breach raises queries concerning whether Exactis knew what kind of information it had and whether it thought the possible repercussions if that information were undermined. “The difficulty with most companies these days,” said Ruchika Mishra, Balbix director of products and solutions, “is that they do not have the prudence and visibility into the hundreds of attack paths – be it misconfigurations, workers at risk of being phished, management using identifications across individual and business accounts – that might be abused.”

It might be months before the real effect of the breach can be evaluated, however, what has originally been informed is shocking and there would not be any astonishment if Exactis verified that 340 million people were actually impacted.

“The Exactis data leak must infuriate businesses and consumers alike. The sheer volume of cloud databases left accessible on the Internet is astonishing, particularly when one considers the kind and volume of data that users save on it without giving it a second thought,” stated John “Lex” Robinson, cybersecurity policymaker at Cofense.

“It is worth noticing that simply because the server was left open to the public doesn’t imply it was thieved by malevolent hackers, however, we can’t be sure. The data informed to have been leaked is extremely comprehensive and can be utilized by hackers to develop more targeted phishing cheats.”