New breach might have exposed data of almost every US adult
Source: MSN
A little-known Florida company may have exposed the personal data of nearly every American adult, according to a new report.
Wired reported Wednesday that Exactis, a Palm Coast, Fla.-based marketing and data-aggregation company, had exposed a database containing almost 2 terabytes of data, containing nearly 340 million individual records, on a public server. That included records of 230 million consumers and 110 million businesses.
It seems like this is a database with pretty much every U.S. citizen in it, security researcher Vinny Troia, who discovered the breach earlier this month, told Wired. I dont know where the data is coming from, but its one of the most comprehensive collections Ive ever seen, he said.
While the database apparently does not include credit-card numbers or Social Security numbers, it does include phone numbers, email and postal addresses as well as more than 400 personal characteristics, such as whether a person is a smoker, if they own a dog or cat, their religion and a multitude of personal interests. Even though no financial information was included, the breadth of personal data could make it possible to profile individuals or help scammers steal identities.
Read more: https://www.msn.com/en-us/money/technology/a-new-data-breach-may-have-exposed-personal-information-of-almost-every-american-adult/ar-AAzgx4u?ocid=spartandhp
heaven05
(18,124 posts)Achilleaze
(15,543 posts)very likely.
* aka republican Draft-Dodger-in-Chief
wasupaloopa
(4,516 posts)go everything you do.
I remember in the 80's a friend of mine was building a data base like that. The idea was how to get your hands on data. That's when stores were handing out memberships so they could capture you buying habits.
LiberalArkie
(15,730 posts)the phone number off the checks and resale them for a penny or so to data places.
Now I would imagine that UPS and Fedex are selling the whole shipping label to data brokers. Makes it easy to keep up with where people move.
Heddi
(18,312 posts)and the blood of a virgin unicorn puppy
every time my data has been hacked/exposed/leaked IT WAS NOT
* because I opened an email I shouldn't have
* because my password wasn't strong enough
* because i gave my credit card to hackers
* because I was loosy-goosy with my personal information
IT WAS
* because the state of South Carolina lost my information to hackers
* because Washington STate Universtion lost my information to hackers
* because Wells Fargo lost my information to hackers
* because Target lost my information to hackers
* because my employer lost my information to hackers
* because my hospital lost my information to hackers
* because my husband's employer lost my information to hackers
NEVER was it because of *MY* lack of prudent use of personal information.
Yet -- we're always bombarded with how we're all dunderhead with "password" as our password. Yet every. single. security breach that has occured in my life (and there have been several, as listed above) has been because OF ANOTHER COMPANY'S lack of security regarding my personal data. I have so many lock-downs and life-time credit monitoring and all that happy horse-shit (useless, of course). NEVER because I was wontonly giving out my SS and Credit card and DOB.
yet consumers are always portrayed as the stupid, idiotic victims. When will these companies be held responsible? Oh, the year 30never. Here, here's another lifetime of MORE credit monitoring. That can go along with the other 30 lifetimes of lifetime credit monitoring I and my husband ALREADY have from the 2 high level breaches we underwent about 5 years ago.
BumRushDaShow
(129,611 posts)Dave Starsky
(5,914 posts)I work with confidential data for a living, so I am very careful about choosing tough passwords. But if some dipshit in a "trusted security firm" leaves my personal information on an unsecured flash drive in a Starbucks, I'm screwn.
BumRushDaShow
(129,611 posts)and also dealt with confidential data, and there is definitely a problem out there with 3rd parties "accidentally leaving a thumb drive on the seat of a plane" or having a government-issued laptop with data "stolen from their car".
TheBlackAdder
(28,225 posts).
Remember, don't print it out anywhere. You must commit it to memory.
.
Heddi
(18,312 posts)that all require these ridiculous usernames/passwords
that all have different requirements (first.last, firstlast, first.lastnumber, employeeID, part of employeeID.last, randomly generated number, etc), (Upper, Lower, Number, Special characters; Upper, Lower, Number, no special; Upper, Lower, Number, SPecial but only from this approved list)
that all change in different intervals (Every 30 days, every 60 days, every 90 days)
(can't use any password that starts with a number, can't use password with consecutive letters, can't use password with consecutive numbers, can't use password that contains your user ID or employer ID or any part of your first or last name, can't be any iteration of a pword you've used in the last 10 iterations of a password)
And I promise, I'm not exaggerating when I say these are the rules. And you have to remember them....for each database/program/whatever or you.are.fucked. omg......don't try to call IT to have them help you reset that fucking password. They will SET. YOU. ON. FIRE.
And WHATEVER you do, don't make it easy to guess. EVER.
DONT WRITE THEM DOWN!!!
well how the FUCK am I supposed to know WHAT the last 10 passwords I've used? Because it can't be easy to guess. And it can't be anything remotely normal
oh...here's the suggestion: "come up with a completely random sentence that makes no sense to you or anyone else. like: I love to eat peanut butter cookies. Now, add symbols:
I LI*32$@)%B*00+{3$. Oh wait. that password system doesn't accept }'s. fuck. And did I use a % for the P? where's the lower case?. FUCK. I have to write this down. Goddamn it I actually HATE peanutbutter cookies. THis sucks.
so what the fuck does everyone do?
writes it the fuck down.
I work from home, which makes it a little bit different of a setting than an office setting, in that there's no one here but us chickens, I'm on a VPN (when working), but it's just ridiculous. PEOPLE WILL WRITE THIS DOWN.
OH....and then when they have to do a totally rando server reset -- oh yeah, gotta reset EVERYTHING. And can't use any pword youv'e used in the last 10 times....and don't write it down.
dixiegrrrrl
(60,010 posts)OhNo-Really
(3,985 posts)so who has our info?
Midnight Writer
(21,816 posts)It is a MARKETING CORPORATION. The only "breach" here is that someone got this info without paying for it. Boo-hoo. (or should I say womp-womp?)
dixiegrrrrl
(60,010 posts)Nothing I can do about my info being now routinely stolen. Happening too often.
So I address the other end of the problem, by reducing the marketing value of my name as much as possible.
This has been a serious issue with me for ages, I am quite determined about my privacy.
We get very little junk mail, mostly from AARP and the local State Farm guy, because we don't use catalogs. Mostly bills in the mail.
I do collect mail for a couple of my neighbors when they go on trips, they have HUGE amounts of junk mail.
The dog has/had his own membership cards at the stores that require them, they never look to see whose name/address you put down, just that you have a number.
I use cash for most local shopping, instead of the traceable debit card. One of our grocery stops has a lil bank in the store. I debit cash from them, to shop with. barely any effort at all.
We use vpn for internet roaming.
No tv, can't stand the ads, can't stand the crap all over the real estate of the screen when it is on.
So we see little of that precious targeted advertsiing except for local stores which send mail to "Occupant"in the weekly circulars.
Robo calls on the landline are an irritant, but the answering machine picks up on all calls first.
here's a trick about getting a "not you" phone number on a landline: they will be too happy to charge you more and more for an unlisted number, but they will accept putting a different name on the number in the directory.
You have to keep your real name on the account, but our landline is in Mr. Dixie's name, so I am fine with that.
Usually I have put the name of our cat, Murphy, for directory listing. ( RIP)