A private data search service scraped several social media sites for user information, then left that data sitting in a publicly accessible repository without a password. Some 48 million people’s personal data was leaked.
LocalBlox, a data analytics company, describes on its website how it “automatically crawls, discovers, extracts, indexes, maps and augments data” from a variety of sources, including Facebook, LinkedIn, Twitter and Zillow to build a “360 Degree people view,” that is then sold to marketers.
While the comprehensive range of data is scraped from publicly accessible sources, LocalBlox left a 1.2 terabyte file containing the personal data of 48 million individuals in an Amazon ‘storage bucket,’ password unprotected and accessible to anyone.
Data contained in the leak included names, physical addresses, dates of birth, scraped LinkedIn job histories, public Facebook data, and Twitter handles. Somebody with access to this data could theoretically use it to commit fraud, identity theft, or to aid in a social engineering scam like phishing.
The leak was noticed by cybersecurity firm UpGuard, which notified LocalBlox. The storage bucket was secured later that day. UpGuard outlined the breach in a report published Wednesday.
Data security has been in the spotlight since analytics firm Cambridge Analytica obtained user data on 87 million Facebook users and their friends and contacts through a third-party app.