A
private data search service scraped several social media sites for
user information, then left that data sitting in a publicly
accessible repository without a password. Some 48 million people’s
personal data was leaked.
LocalBlox,
a data analytics company, describes on its website how it
“automatically crawls, discovers, extracts, indexes, maps and
augments data” from a variety of sources, including Facebook,
LinkedIn, Twitter and Zillow to build a “360 Degree people view,”
that is then sold to marketers.
While
the comprehensive range of data is scraped from publicly accessible
sources, LocalBlox left a 1.2 terabyte file containing the personal
data of 48 million individuals in an Amazon ‘storage bucket,’
password unprotected and accessible to anyone.
Data
contained in the leak included names, physical addresses, dates of
birth, scraped LinkedIn job histories, public Facebook data, and
Twitter handles. Somebody with access to this data could
theoretically use it to commit fraud, identity theft, or to aid in a
social engineering scam like phishing.
The leak
was noticed by cybersecurity firm UpGuard, which notified LocalBlox.
The storage bucket was secured later that day. UpGuard outlined the
breach in a report published Wednesday.
Data
security has been in the spotlight since analytics firm Cambridge
Analytica obtained user data on 87 million Facebook users and their
friends and contacts through a third-party app.
Full
report:
Comments
Post a Comment