What do you make of this database leak?
"In today's highly competitive global business environment, data is your single most powerful asset for achieving business growth", it says on its website right before mentioning that it has access to the records of 218 million individuals in 110 million households. When he did a search on the database, he found the Exactis database, which was unprotected.
Data breaches have become more and more common in the news lately. He said the trove contained 340 million records that included names, addresses, phone numbers and email addresses.
A little-known marketing firm may have exposed the personal information of every adult in the US.
Each record can list the subject's phone number, address, date of birth, estimated income, number of children, education level, credit rating and much more.
Jarrod Ramos, 38, identified as suspect in Annapolis shooting
One of the group's flagship papers, the Capital , plans to publish a Friday edition, several reporters with the group said. A spokeswoman for a hospital near the newspaper said two patients had arrived there but she did not know their conditions.
The company is called Exactis, and it's one of the many shadowy operations that trade and collate people's personal data so that ads can be accurately targeted at them. Every record reportedly has entries that include more than 400 variables on characteristics like whether the person smokes, what their religion is and whether they have dogs or cats.
Wired, meanwhile, independently checked a data sample from the overall output, confirming the authenticity of the data, though in some cases what was leaked was outdated or inaccurate. On a routine investigation using Shodan - a search engine that allows users to identify internet-connected devices - he looked up databases on open servers, and eventually stumbled upon the Exactis database, which, rather curiously, lacked any kind of firewall. He said he also told the Federal Bureau of Investigation about his findings. "I'd be surprised if someone else didn't already have this".
Just because people's financial information or Social Security numbers weren't leaked doesn't mean they're not at risk for identity theft. Some of it seemed to be available in public records, but a lot of it appeared to come from things like magazine subscriptions and transaction records.
Executive Director Marc Rotenberg of the nonprofit Electronic Privacy Information Center's says, "The likelihood of financial fraud is not that great, but the possibility of impersonation or profiling is certainly there".
So far, Exactis hasn't publicly commented on the leak.