Searching for smart, safe news you can TRUST?

Support safe, smart, REAL journalism. Sign up for our Axios AM & PM newsletters and get smarter, faster.

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Searching for smart, safe news you can TRUST?

Support safe, smart, REAL journalism. Sign up for our Axios AM & PM newsletters and get smarter, faster.

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Denver news in your inbox

Catch up on the most important stories affecting your hometown with Axios Denver

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Des Moines news in your inbox

Catch up on the most important stories affecting your hometown with Axios Des Moines

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Minneapolis-St. Paul news in your inbox

Catch up on the most important stories affecting your hometown with Axios Minneapolis-St. Paul

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Tampa-St. Petersburg news in your inbox

Catch up on the most important stories affecting your hometown with Axios Tampa-St. Petersburg

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Photo Illustration: Thomas Trutschel/Photothek via Getty Images

Last week, a Florida company named Exacts exposed information on around 300 million records. While several stories characterized this incident as a breach, it wasn't actually a breach — at least not in the way most people use the term.

Why it matters: When most people hear about a breach, they think a bad guy has stolen data. That’s scary and can effect consumer behavior. But there was no bad guy involved in what happened at Exactis. Instead, the firm left a database online in an unsecured way, allowing anyone who knew where to find it to download it.

The details: There are several different ways data can be exposed by accident online. Companies sometimes misconfigure databases or cloud storage to be open to the public.

  • Most people involved in cybersecurity don’t see this as a breach.
  • The ones that do admit that the word can be misleading.

“We’ve made an effort to stop using the word breach,” said Chris Vickery, a leading investigator of data exposures working for the security firm UpGuard.

Breach of trust: Vickery argues that it is a breach, but of a non-standard sort. “It’s a breach of trust,” he said.

  • Vickery alone has found data as varied as a commercial terrorism watch list, registered voter databases and contractor plans for secure government systems.
  • Researchers use specialized search tactics to locate exposed data. It’s not easy work — most exposed data is intentionally left exposed.

The intrigue: Within hours of Wired breaking the story on the Exactis exposure, outlets started comparing the incident to Equifax as a potential record-breaking data breach.

  • In Equifax, an actual hacker stole records.
  • In Exactis, a researcher searching for exposed databases discovered the exposed database. There was no evidence anyone maliciously downloaded the files.

Be smart: It’s important to understand the difference between data exposures and data breaches, because they will keep coming up. The lexical difference doesn’t make a bad thing good. It’s still problematic to have data exposures.

“Every non-malicious breach is something hackers could have found,” said Vickery.

Go deeper

Michigan board certifies Biden's win

Poll workers count absentee ballots in Detroit, Michigan on Nov. 4. Photo: Salwan Georges/The Washington Post via Getty Images

The Michigan Board of State Canvassers certified the state's election results on Monday, making President-elect Joe Biden's win there official and granting him the state's 16 electoral votes.

Why it matters: Republican Party leaders had unsuccessfully appealed to delay the official certification, amid the Trump campaign's failed legal challenges in key swing states.

Biden to nominate Janet Yellen as Treasury secretary

Photo: Photo by Alex Wong/Getty Images

President-elect Joe Biden is preparing to nominate former Fed Chair Janet Yellen as his Treasury Secretary, four people familiar with the matter tell Axios.

Why it matters: Yellen, 74, will bring instant economic celebrity to Biden’s team and, if confirmed, she will not only be the first female Treasury Secretary but also the first person to have held all three economic power positions in the federal government: the chair of Council of Economic Advisers, the chair of Federal Reserve and the Treasury Secretary.

3 hours ago - Podcasts

Bob Nelsen on AstraZeneca and his plan to revolutionize biotech

AstraZeneca and the University of Oxford on Monday reported promising efficacy data for their COVID-19 vaccine, which has less stringent storage requirements than the Pfizer and Moderna vaccines and may be distributed earlier in developing countries.

Axios Re:Cap digs into the state of vaccine and therapeutics manufacturing with Bob Nelsen, a successful biotech investor who on Monday launched Resilience, a giant new pharma production platform that he believes will prepare America for its next major health challenges.

Get Axios AM in your inbox

Catch up on coronavirus stories and special reports, curated by Mike Allen everyday

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!