LocalBlox found leaking info on tens of millions of individuals

Joanna Estrada
April 21, 2018

It has also found misconfigured Amazon Web Services S3 buckets leaking data from Kansas holding company Blue Chair, Paris-based brand marketing company Octoly, California data analytics firm Alteryx, credit fix service National Credit Federation, the NSA, the Pentagon, global corporate consulting and management firm Accenture, publisher Dow Jones, a Chicago voter database, a North Carolina security firm, and a contractor for the US National Republican Committee.

In this case, in involved 48 million records relating to social media information.

The data gathering itself isn't greatly surprising, since LocalBlox has stated clearly that its service provides automatic crawling, discovery, extraction, indexing, mapping and augmenting of data "in a variety of formats from the web and from exchange networks".

The site claims the firm, LocalBox, left the profile data in a public (but unlisted) Amazon S3 storage bucket, where it wasn't password protected and was eventually uncovered by Chris Vickery, director of cyber risk research at UpGuard. This allegedly gave anyone access to the file, allowing them to download its content freely.

The data on each individual reportedly includes names, addresses, dates of birth, LinkedIn job histories, public Facebook data, Twitter handles and information from real estate listing site Zillow.

The researchers said the data breach "highlights the ease with which Facebook data can be scraped, and the ubiquity of Facebook information in psychographic datasets".

"This combination begins to build a three-dimensional picture of every individual affected - who they are, what they talk about, what they like, even what they do for a living - in essence a blueprint from which to create targeted persuasive content, like advertising or political campaigning", UpGuard said. Somebody with access to this data could theoretically use it to commit fraud, identity theft, or to aid in a social engineering scam like phishing.

Based on the exposed file's name -final_people_data_2017_5_26_48m.json- this appears to be a backup of the LocalBlox database made on May 26, 2017.

Facebook just recently revealed it was cracking down on "data scraping" after being hit with harsh criticism in the wake of Cambridge Analytica. As you've probably seen, earlier this month Facebook's CEO, Mark Zuckerberg, faced a congressional inquiry following the Cambridge Analytica scandal that compromised the information of over 80 million Facebook users.

Analysis by UpGuard shows that LocalBlox has a sophisticated way of threading together data from different sources to produce a granular profile of individual users. For example, it purchased marketing databases and "information caches" from payday loan operators but wrote short identifiers like "ex" in other dataset fields. UpGuard points out in a blog post how easy it was for LocalBlox to harvest data from Facebook, while some sources it used were more mysterious.

Other reports by Click Lancashire

Discuss This Article

FOLLOW OUR NEWSPAPER