Another massive database leakage has affected US citizens, this time the incident links back to a marketing firm Ifficient. Reportedly, through its unsecured database, Ifficient exposed 8 million records of participants of various online surveys and other marketing activities.
Ifficient Exposed 8 Million Records
Reportedly, the researcher Sanyam Jain spotted yet another unsecured database exposing a huge amount of records. The researcher shared his findings with Bleeping Computer, who further investigated the database.
As revealed, the unsecured Elasticsearch database belonging to Ifficient exposed 130 million records belonging to U.S. citizens though these only relate back to 8 million individuals due to a huge amount of duplicate information. Initially, the leaked details hinted that the database includes details from various surveys and marketing activities. Whereas, the exposed information carried personal details of the users, including names, email addresses, contact numbers, addresses, gender, birth dates, and IP addresses. Besides, the data also included information about the referrer page contributing to the gathered information. These pages served for various online marketing activities. As stated by Bleeping Computer,
These pages were for online sweepstakes, free sample requests, and surveys… When a user visits these surveys, they will ultimately be asked to submit their information. When this information is submitted, it would be stored in the database.
Upon further investigation, the database linked back to an online marketing firm PathEvolution, having Ifficient as its parent company. In their statement, Ifficient revealed that the database actually had records of 8 million users (excluding the duplications).
The database alleged to have been involved in his matter contained limited information pertaining to about 8 million individuals… Amazon referenced a far greater number of records exposed, but these records pertained to impression data and therefore included an extremely high number of duplicate records.
Ifficient Promptly Handled The Matter
To ensure the closure of the unsecured database, Jain quickly informed Amazon (database’s host) about it upon facing difficulties in contacting the company directly. Consequently, Ifficient confirmed in their statement about the alert received from Amazon regarding the database. They assured that they rectified the matter ‘within hours’ of receiving the alert. They also assure notifying the affected individuals of the incident.
We are currently taking steps to notify individuals for whom data sets defined by the applicable state statutes to constitute personal information was stored.
In addition, Ifficient also advised that they appreciated responsible disclosure.
Take your time to comment on this article.