LocalBlox Rumbled After Scraping 48 Million Users Data and Accidently Leaving it Open to the Public

LocalBlox, A small data firm has scraped the data of 48 Million personal profiles from Facebook, Twitter, LinkedIn and Zillow without user’s consent. The firm said that their spider automatically crawls discovers, extracts, indexes, maps and augments the data in various formats from the web and exchange.

The firm were rumbled after the data collected was stored in an S3 Bucket without a password allowing users to simply browse to the S3 URL. The bucket named lbdumps contained a file that was 1.2 TB in size which listed the files of 1.2 million user records from public profiles.

The data was found by Chris Vickery, director of security firm UpGuard. He immediately disclosed the leak to the CTO of the LocalBlox and hours later the bucket’s data was secured.

These data controversies are sparking uproars in the congressional and parliamentary meetings, The data collection by Localblox can be just as invasive and include highly sensitive and personally identifiable information on a person, without their consent.

Vickery said

The data was found in a human-readable, newline-delimited JSON file. The data collected includes names and physical addresses, and employment information and job histories data, and more, scraped from Facebook, LinkedIn, and Twitter profiles.

UpGuard published their own report of the breach which contained search queries that Localblox would use to cycle through the data that it has collected using Facebook’s search engine to retrieve the photos of the user, current job title employer information and additional family information.

Although Facebook has shut down its search feature earlier this month due to scammers using the automated searches to harvest data from the platform.

It’s also assumed that the company extends its collected data from non-public sources, like purchased marketing data. The data is then gathered, organized and blended into existing individual profiles.

The report said that collection operation is an effort to build a 3D picture on every individual and use it for advertising and political campaigning.

Take your time to comment on this article.

Source: ZDNet

Related posts

Hard-Coded Credentials Vulnerability Found In Kubernetes Image Builder

Critical Vulnerability Patched In Jetpack WordPress Plugin

Astaroth Banking Malware Runs Actively Targets Users In Brazil