ShellCodeX
Tools โ€ข Events โ€ข News โ€ข Insights
ShellCodeX Breach Report

Exactis Data Breach

exactis.com
Massive exposure
Verified breach
Accounts exposed 131,577,763
Breach date 01 Jun 2018
Added to tracker 25 Jul 2018
Data classes 20

What happened

In June 2018, the marketing firm Exactis inadvertently publicly leaked 340 million records of personal data. Security researcher Vinny Troia of Night Lion Security discovered the leak contained multiple terabytes of personal information spread across hundreds of separate fields including addresses, phone numbers, family structures and extensive profiling data. The data was collected as part of Exactis' service as a "compiler and aggregator of premium business & consumer data" which they then sell for profiling and marketing purposes. A small subset of the exposed fields were provided to Have I Been Pwned and contained 132 million unique email addresses.

Exposed data

Credit status information Dates of birth Education levels Email addresses Ethnicities Family structure Financial investments Genders Home ownership statuses Income levels IP addresses Marital statuses Names Net worths Occupations Personal interests Phone numbers Physical addresses Religions Spoken languages

Recommended actions

  • Watch for targeted phishing emails referencing Exactis โ€” attackers weaponise breach data quickly.
  • Stay alert for smishing (SMS phishing) and SIM-swap attempts using your phone number.
  • Exposed identity data raises identity-theft risk โ€” consider credit monitoring or a credit freeze.
  • Check whether your email address appears in this breach on haveibeenpwned.com.
Am I affected? Check whether your email address appears in this breach.
Check on HIBP