Exactis

In June 2018, Exactis, a Florida-based marketing and data aggregation company, accidentally exposed a massive database containing approximately 340 million records on a publicly accessible ElasticSearch server. The exposure was discovered by security researcher Vinny Troia, who found the database openly accessible without any authentication. The leaked dataset spanned several terabytes and included highly detailed personal profiles spread across hundreds of individual data fields. The records covered roughly 230 million individual consumers and around 110 million business contacts. Each profile contained an extensive array of personal attributes including phone numbers, home addresses, email addresses, personal interests, habits, age, number of children, religion, pet ownership, and dozens of other lifestyle characteristics. Notably, the breach did not appear to include financial data or Social Security numbers, but the sheer depth and breadth of personal profiling information made it exceptionally sensitive. Exactis collected and sold this data as part of its commercial data brokerage operations. The incident highlighted severe risks associated with unprotected cloud-hosted databases and the largely unregulated data broker industry in the United States.