The Weekly Hack: Exactis unseats Equifax with new, record-breaking data breach

Photo (c) undefined undefined - Getty Images

Adidas, Ticketmaster, and Facebook also suffered new breaches this week

A marketing and data aggregation firm that you likely never heard of apparently knows your email address, home address, phone number, habits, hobbies, and the ages and genders of your children.  

The story isn’t even that Exactis has that information but that cyber-criminals stole it, according to a security expert.

An independent security researcher reported this week that all that personal data mentioned above has been accessed by hackers targeting Exactis. “Pretty much every US citizen” has been affected, according to researcher Vinny Troia.

Exactis, which has yet to issue a statement on the apparent breach, reportedly employs just 10 people. They are in the business of maintaining a “universal data warehouse” that contains 3.5 billion records on consumers and businesses.

In response to the news, attorneys filed the first class action lawsuit against Exactis over the alleged breach on Friday.

Facebook

People who take Facebook quizzes to learn about their own personality traits may have unintentionally let anyone on the internet view their Facebook profiles, according to another independent security researcher.

The so-called “ethical hacker” and researcher Inti De Ceukelaire published a story on Medium describing how a security flaw on the popular Facebook quiz Nametests.com “publicly exposed information of their more than 120 million monthly users — even after they deleted the app.”

He informed Facebook about the breach in April but says that NameTests didn’t appear to patch the problem until this week. When he checked in with Facebook again shortly afterward, the company thanked him and said they would donate $8,000 to the Freedom of the Press Foundation.

Ticketmaster

Ticketmaster, the online ticketing behemoth that has made a killing off of “service fees”, announced on Wednesday that hackers gained access to personal details and sensitive credit card information belonging to five percent of its user base.

The breach affects anyone who bought tickets from February to June of this year, the company admitted. As has become the standard, Ticketmaster is offering consumers a year of free identity theft monitoring for their troubles.

But an online banking start-up called Monzo argues that the measure is too little, too late. The firm reportedly informed Ticketmaster back in April that consumers complained about their credit cards getting hijacked and money disappearing from their accounts after using Ticketmaster.  Monzo said that Ticketmaster claimed at the time that it found no evidence that such a hack was occurring.

Adidas

Adidas announced this week that it recently discovered a data breach that may have exposed data belonging to American consumers.

The data appears to belong to customers who made purchases on the company’s United States website. Passwords and usernames have been exposed, but Adidas says they found no evidence that credit card or fitness data was accessed.

“On June 26, Adidas became aware that an unauthorized party claims to have acquired limited data associated with certain adidas consumers,” Adidas wrote online. However, the exact number of people affected by the breach is not made clear by the company's announcement.

Take an Identity Theft Quiz. Get matched with an Authorized Partner.