48 million people put at risk after firm that scraped info from social networks left it exposed for anyone to download

Graham CLULEY

April 19, 2018

Chances are that you’ve never heard of Washington-based data firm LocalBlox. But that doesn’t mean that they haven’t heard of you. And it doesn’t mean that your personal information hasn’t been recklessly exposed through their sloppy disregard for the most basic security.

As Zack Whittaker of ZDNet reports, LocalBlox scooped up information from the personal profiles of some 48 million users of social networks like Facebook, LinkedIn, Twitter, and real-estate site Zillow without their consent.

The data LocalBlox collated included names, email addresses, dates of birth, postal addresses, and even – in some cases – individuals’ net worth.

LocalBlox then consolidated that sensitive information into a single unencrypted file over 1.2 terabytes in size, and placed it on an Amazon S3 bucket.

If you’ve been following past data breaches you can probably guess the worst part of this story – you didn’t need a password to access LocalBlox’s Amazon S3 bucket, meaning anybody in the world could download the data.

The massive lapse was discovered by security researcher Chris Vickery, who has made quite a name for himself in recent years discovering a wide array of organisations pouring data onto the public web because they have failed to properly configure their cloud storage systems.

Thankfully Vickery is a responsible researcher, who informed LocalBlox’s CTO Ashfaq Rahman of the problem – and the data was properly secured just a few hours later. But we simply don’t know how long the data was available for anyone to download beforehand.

LocalBlox makes no secret of how it collects and consolidates data about individuals. Its own website explains how it “automatically crawls, discovers, extracts, indexes, maps and augments data in a variety of formats from the web and from exchange networks… LocalBlox helps companies acquire and utilize a vast amount of information from sources held captive on the web with exceptional speed and scale.”

I cannot confirm if LocalBlox does demonstrate “exceptional speed and scale”, but I’m pretty certain from this incident that it falls down when it comes to security.

The fact is that little-known companies like LocalBlox wouldn’t be able to grab your data if you were more careful about what you shared online, and ensured that proper privacy settings were in place to prevent public access to the most sensitive information on your profiles.

And LocalBlox, and other firms like it, wouldn’t find themselves the centre of unwanted attention if they took the time to take even the most elementary steps to protect the data they controversially collect.

If proper care isn’t taken, it won’t be ethical researchers like Chris Vickery who stumble across your unsecured data; it might be malicious hackers.
