Security researcher Vinnie Troia discovered in June 2018 that Exactis, a Florida-based data broker and marketing aggregation company, had left a 2-terabyte Elasticsearch database publicly accessible on the open internet with no authentication whatsoever. The database contained approximately 340 million records — approximately 230 million US consumers and 110 million US businesses. While the database did not contain Social Security numbers or financial data, it contained extraordinarily detailed personal profiles compiled from public and commercial data sources: name, address, phone number, email address, age, estimated income, homeowner status, number of children and their ages, religious affiliation, political affiliation, interests and hobbies (hundreds of attributes per person), and hundreds of other personal characteristics. Troia notified Exactis and the database was secured. No evidence of prior unauthorized access was found, but the incident highlighted the privacy risks posed by the data broker industry — collecting and exposing detailed behavioral profiles on virtually every US adult without their knowledge or consent.