Arctic Wolf Networks

It didn’t take long for the next big data breach. Last week the guilty party was Exactis, a marketing data aggregator that stores more than 3.5 billion consumer, business and digital records. In this case, Exactis exposed 340 million records by storing them on a public-facing server. If that number sounds astronomical, that’s because it is. It’s greater than the entire U.S. population.

The types of data exposed in this data breach include but aren’t limited to:

  • Names (including children’s names)
  • Email addresses
  • Physical addresses
  • Personal interests and hobbies
  • Religious affiliation
  • Age and gender (including children’s ages and gender)

The only good news? Social Security numbers and payment card data are not believed to have been compromised.

What Exactly Does Exactis Do?

Exactis collects business and consumer data. It does this using cookies, small packets of information about a web user that enable websites to deliver more tailored content based on prior browsing activities. Exactis stores this information in data warehouses and sells it to businesses who then use it to deliver ads and other marketing content to consumers.

What Happened?

Vinny Troia, a security researcher and founder of Night Lion Security, discovered the Exactis database on Shodan, a search engine that allows users to find internet-connected endpoints. Any person, including cybercriminals, can use it to find nearly any device on the web. In this case, Troia spotted the 2-terabyte Exactis database while searching for databases on open servers.

Inexplicably, the Exactis server lacked any type of firewall despite containing the personal information of some 230 million consumers and 110 million business users. Essentially, it was a data breach waiting to happen.

As of this writing, it remains unclear if hackers have exploited the data breach. Exactis has since taken measures to secure its servers.

How Should You Respond?

Because data breaches are increasingly common, consumers and business users alike must carefully monitor their web-based accounts and online subscriptions; names, contact information and personal interests may have been exposed to hackers. This type of information can be used for social engineering and account hijacking, which in turn can lead to further credential gathering and possibly even identity theft.

Exactis left the door wide open for cybercriminals and fraudsters.

Lessons Learned for Businesses with Public-Facing Servers

If you house any potentially sensitive data whatsoever, pay attention. Specifically, organizations that store databases of private information belonging to consumers or other business users have the most to learn from this incident. This is a prime example of a lax security posture. The data breach occurred because Exactis did not take proper measures to secure its internet-facing infrastructure. Businesses that hope to avoid similar incidents are encouraged to do the following, at a minimum:

  • When possible, avoid storing private information on web-facing infrastructure
  • Leverage perimeter and application firewalls for a multi-layered approach to security
  • Perform vulnerability scans of internet-facing infrastructure on a frequent basis to identify potential exploit opportunities
  • Use strong passwords to guard against stolen account credentials
  • Use multi-factor authentication to add a second layer of identity verification to help prevent illicit access to your servers
  • Implement network-level authentication to secure remote desktop protocol connections
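The first three items above come down to one question an administrator should be able to answer at any time: which services on this host accept connections from the internet, and were they meant to? The following script is an added example, not part of the original post or of any Arctic Wolf tooling. It parses the output of `ss -tlnp` (the Linux socket listing) and reports every service bound to a non-loopback address whose port is not on an explicit allowlist of ports intended to be public. The `ss` output and the allowlist of ports 22 and 443 are constructed for illustration; a database such as the one in this incident, listening on all interfaces with no firewall in front of it, would show up here as an `EXPOSED` finding.

```python
"""Audit listening sockets for services exposed on public interfaces.

Added example (not from the original post): parses `ss -tlnp` output and
reports any service that listens on a non-loopback address and is not on an
explicit allowlist of ports meant to be reachable from the internet.
"""
import ipaddress
import re
from dataclasses import dataclass

# Constructed sample of `ss -tlnp` output (not data from a real host).
SAMPLE_SS_OUTPUT = """\
State  Recv-Q Send-Q Local Address:Port  Peer Address:Port Process
LISTEN 0      128    0.0.0.0:22          0.0.0.0:*     users:(("sshd",pid=812,fd=3))
LISTEN 0      511    *:443               *:*           users:(("nginx",pid=1000,fd=7))
LISTEN 0      4096   127.0.0.1:5432      0.0.0.0:*     users:(("postgres",pid=900,fd=5))
LISTEN 0      128    0.0.0.0:27017       0.0.0.0:*     users:(("mongod",pid=1205,fd=11))
LISTEN 0      128    [::]:3306           [::]:*        users:(("mysqld",pid=1100,fd=20))
LISTEN 0      128    [::1]:6379          [::]:*        users:(("redis-server",pid=1300,fd=6))
"""

# Ports this host is allowed to expose to the internet (an assumption for the example).
PUBLIC_ALLOWLIST = {22, 443}

# Pulls the process name out of ss's users:(("name",pid=..,fd=..)) column.
_PROC_RE = re.compile(r'users:\(\("([^"]+)"')


@dataclass(frozen=True)
class Listener:
    address: str
    port: int
    process: str

    @property
    def is_public(self) -> bool:
        """True if the socket accepts connections from non-local interfaces."""
        if self.address == "*":
            return True
        try:
            ip = ipaddress.ip_address(self.address)
        except ValueError:
            return True  # unrecognised form: treat as exposed rather than silently pass
        # 0.0.0.0 and :: (the unspecified addresses) are not loopback, so they count as public.
        return not ip.is_loopback


def split_local(field: str) -> tuple[str, int]:
    """Split ss's Local Address:Port column, handling [IPv6]:port and *:port forms."""
    host, _, port = field.rpartition(":")
    host = host.strip("[]")  # "[::]" -> "::", "[::1]" -> "::1"
    return host, int(port)


def parse_ss(output: str) -> list[Listener]:
    """Turn raw `ss -tlnp` text into Listener records, skipping the header line."""
    listeners = []
    for line in output.splitlines():
        cols = line.split()
        if not cols or cols[0] != "LISTEN":
            continue
        host, port = split_local(cols[3])
        match = _PROC_RE.search(line)
        listeners.append(Listener(host, port, match.group(1) if match else "?"))
    return listeners


def find_exposed(output: str, allowlist: set[int] = PUBLIC_ALLOWLIST) -> list[Listener]:
    """Return listeners bound to a public interface on a port not in the allowlist."""
    return [sock for sock in parse_ss(output)
            if sock.is_public and sock.port not in allowlist]


if __name__ == "__main__":
    # On a live host, feed in subprocess.check_output(["ss", "-tlnp"], text=True) instead.
    for sock in find_exposed(SAMPLE_SS_OUTPUT):
        print(f"EXPOSED: {sock.process} listening on {sock.address}:{sock.port}")
```

On the constructed sample the script flags `mongod` on 0.0.0.0:27017 and `mysqld` on [::]:3306, while the loopback-only PostgreSQL and Redis listeners and the allowlisted SSH and HTTPS ports pass. Run on a schedule, a check like this gives the "frequent vulnerability scan" of the list above a concrete, host-level form: any new finding is either a firewall rule that is missing or a service that should have been bound to localhost in the first place.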

Every network is different, which is why we recommend that all organizations with web-facing infrastructure leverage the services of a fully-staffed security operations center (SOC).

SOC-as-a-service (or SOCaaS) provides frequent vulnerability assessments to identify opportunities to shore up a business’s security posture. Using a predictably priced subscription model, a SOCaaS provider performs 24/7 continuous monitoring to identify potential vulnerabilities in internet-facing infrastructure as they emerge, and detects indicators of illicit access to business servers containing private information. Should an intrusion occur, incident response, a key component of the SOCaaS package, contains it before it escalates into a data breach.

To learn more about how SOCaaS helps defend against the top cyberattacks, check out our free eBook, “Are You Secure? What You Need to Know about the Top 5 Attack Vectors,” available here.