Marketing Analysis Firm Exposes Information of 123 Million Households
Marketing analysis firm Alteryx allegedly failed to properly secure its online database, which exposed the personal information of about 123 million households, including street addresses, ages, genders, mortgage and auto loan information, and information about children.
Chris Vickery, director of research at UpGuard, a cybersecurity firm, said they discovered this vulnerability on October 6. While names were not included, Vickery said the information could be cross-referenced with other data, including voting records.
“If you cross-reference it with a voter registration database, or if you have records from an advertiser on the web, like a big web advertiser, you piece these things together and you’ve got a very accurate view of who someone is: what they like doing, where they work, where they live, how many kids they have,” Vickery told Forbes.
Anyone with an Amazon Web Services account could have accessed the information, according to UpGuard.
While Alteryx has not confirmed whether anyone improperly accessed the database, Vickery wrote on the UpGuard blog that, “Simply put, one dummy sign-up for an AWS account, using a freshly created email address, is all that was necessary to gain access to this bucket’s contents.”
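Access by "anyone with an AWS account" is what a grant to S3's predefined AuthenticatedUsers group produces. The check below is an added example, not code from UpGuard or Alteryx; it assumes the access came from a bucket ACL (the article does not say whether an ACL or a bucket policy was involved), and the bucket names and sample ACLs are constructed.

```python
# Added example: flag S3 bucket ACL grants that open a bucket to every AWS
# account or to the whole internet. The dict shape follows the S3
# GetBucketAcl response (for example boto3's s3.get_bucket_acl(Bucket=name)).
AUTHENTICATED_USERS = "http://acs.amazonaws.com/groups/global/AuthenticatedUsers"
ALL_USERS = "http://acs.amazonaws.com/groups/global/AllUsers"

BROAD_GROUPS = {
    AUTHENTICATED_USERS: "any AWS account holder",
    ALL_USERS: "anyone on the internet",
}

def find_broad_grants(acl):
    """Return (audience, permission) pairs for grants to global groups."""
    findings = []
    for grant in acl.get("Grants", []):
        grantee = grant.get("Grantee", {})
        if grantee.get("Type") != "Group":
            continue  # grants to a specific account or user are not global
        audience = BROAD_GROUPS.get(grantee.get("URI"))
        if audience:
            findings.append((audience, grant.get("Permission")))
    return findings

def audit(acls):
    """Map bucket name -> findings, listing only buckets with broad grants."""
    report = {}
    for name, acl in acls.items():
        findings = find_broad_grants(acl)
        if findings:
            report[name] = findings
    return report

# Constructed sample input: hypothetical bucket names and ACLs.
SAMPLE_ACLS = {
    "example-marketing-data": {"Grants": [
        {"Grantee": {"Type": "CanonicalUser", "ID": "owner-id-placeholder"},
         "Permission": "FULL_CONTROL"},
        {"Grantee": {"Type": "Group", "URI": AUTHENTICATED_USERS},
         "Permission": "READ"},
    ]},
    "example-private-data": {"Grants": [
        {"Grantee": {"Type": "CanonicalUser", "ID": "owner-id-placeholder"},
         "Permission": "FULL_CONTROL"},
    ]},
}

if __name__ == "__main__":
    for bucket, findings in audit(SAMPLE_ACLS).items():
        for audience, permission in findings:
            print(f"{bucket}: {permission} granted to {audience}")
```

A bucket that passes this check can still be exposed through its bucket policy, which has to be reviewed separately.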
According to UpGuard, the information in the database came from the United States Census Bureau as well as credit reporting agency and Alteryx partner, Experian. The Census data is not particularly disturbing, as this information is publicly accessible, but according to the UpGuard blog, “Experian’s ConsumerView marketing database, a product sold to other enterprises, contains a mix of public details and more sensitive data.”
What can you do to protect yourself from any fallout from this breach? First, be wary of anyone claiming to contact you from one of your creditors. If you receive an email from someone you seem to recognize, check the information listed after the @ symbol. If anything is misspelled, or it comes from an address you do not recognize, this is likely a phishing attempt, and you should report the email as spam.
Similarly, if anyone calls you and claims to be from a loan holder or creditor, be wary. If the caller is legitimate, they will not ask for your full account number or Social Security number.
If you are ever unsure, it is best to err on the side of caution. You can log in to your account, since any legitimate message will go to the inbox on your account website. Additionally, you can call the phone number listed on your credit card or account statement. Then, ask the representative if someone with your financial institution actually contacted you.