About 48 million records of detailed personal information on tens of millions of individuals have been leaked, containing Cambridge Analytica–style information gathered and scraped from multiple sources.
The culprit, as is the case all too often, is a misconfigured cloud storage repository, in this case belonging to a company called LocalBlox. LocalBlox bills itself as a personal and business data search service, but it’s bread and butter is data-harvesting and the creation of psychometric profiles of individuals. It says that it’s “the First Global Customer Intelligence Platform to search, combine and validate deep business and people profiles – at scale,” according to its website, which also proclaims that “the need for deeper, more accurate data about individual businesses and consumers is becoming more urgent to compete.”
According to the UpGuard Cyber Risk Team, which said it gained confirmation of the breach from LocalBlox co-founder Ashfaq Rahman, the data that was left publicly accessible includes names, physical addresses, dates of birth, scraped data from LinkedIn job histories and Facebook, Twitter handles and more. In addition, it appears the prominent real estate site Zillow is used in the process as well, with information being somehow blended from the service's listings into the larger data pool.
“In the wake of the Facebook/Cambridge Analytica debacle, the importance of massive sets of psychographic data is becoming more and more apparent,” UpGuard researchers said in a blog. “This combination [of information] begins to build a three-dimensional picture of every individual affected – who they are, what they talk about, what they like, even what they do for a living – in essence a blueprint from which to create targeted persuasive content, like advertising or political campaigning. If the legitimate uses of the data aren’t enough to give pause, the illegitimate uses range from traditional identity theft, to fraud, to ammunition for social engineering scams such as phishing.”
The Amazon Web Services S3 bucket, since secured, contained 1.2 TB of information at the time of exposure. UpGuard said that the database tracks an IP address, matching collected data to that IP address when possible and thus providing a clearer image of the behavior and background of the user at that IP address.
Interestingly, the exposed source fields also point to aggregated content, purchased marketing databases or information caches sold by payday loan operators to businesses seeking marketing data; other fields are more ambiguous, such as a source field labeled “ex.”
“The data gathered on these people connected their identity and online behaviors and activity, all in the context of targeted marketing, i.e. how best to persuade them,” UpGuard said. “Your psychographic data can be used to influence you. It is what makes exposures of this nature so dangerous, and also what drives not only the business model of LocalBlox but of the entire data analytics industry.”