Data-broker leak exposes 340 million personal records

He also mentioned that most data gathered by information brokers (like Exactis) is actually retrieved from private outlets, including online subscriptions.

"In today's highly competitive global business environment, data is your single most powerful asset for achieving business growth", Exactis says on its website, right before mentioning that it has access to the records of 218 million individuals in 110 million households. Exactis has apparently since protected the database, though it may be too late.

The information didn't include credit card details or social security numbers, but it did include everything from email addresses, home addresses and phone numbers to details on religion, smoking habits, and pets.

On its website, which was inaccessible as of Thursday morning, Exactis claims to have data on 218 million individuals, including 110 million U.S. households, and 3.5 billion "consumer, business, and digital records".

KitGuru Says: This sort of gross negligence is becoming a big problem and it looks like Exactis abandoned its duty of care when it comes to personal records. According to Troia, the records are divided into dozens of different fields that can identify whether a person reads books, owns a dog or cat, or invests in real estate.

"I don't know where the data is coming from, but it's one of the most comprehensive collections I've ever seen", said Troia.

Wired confirmed the authenticity of the data, though noted that it was in some cases out of date or inaccurate.

Troia notified both Exactis and the Federal Bureau of Investigation about the exposed data last week. Out of 7,000 returned servers, Exactis stuck out since it was completely unprotected.

"I'm not the first person to think of scraping ElasticSearch servers", he said.

Just because people's financial information or Social Security numbers weren't leaked doesn't mean they're not at risk for identity theft. While a lot of the data is available publicly, some is not. "The amount of personal information that was exposed could still help scammers impersonate or profile them", the website stated.

Wired has reached out to Exactis for comment on the situation a number of times, but has so far been ignored.
