Multiple databases belonging to the Facebook ad agency xSocialMedia have been found open exposing almost 150,000 records containing a wide variety of medical information derived from marketing campaigns run for medical malpractice lawsuits.
The files were found by vpnMentor on June 2, and which have since been secured. The exposed information was gathered through Facebook ads placed by xSocialMedia looking for people suffering from specific ailments that led to a variety of “injury-check.com” domains such as https://ied-fund.injury-check.com and https://ivcfilter-risk.injury-check.com, vpnMentor said.
The ads were designed to gather medical histories which would then be passed along to a personal injury law firm. The data collected and then compromised included first and last name, email address, street address, phone number, IP address, circumstances of the injury and an explanation about the injury.
“The injuries described in the database vary from combat injuries suffered by American veterans to injuries caused by medical devices, pesticide use, medication side-effects, and defective baby products,” vpnMentor said.
In addition to the medical information the exposed data bases also contained information from about 300 of xSocialMedia’s clients including their names, addresses, phone numbers and email along with some odd tidbits such as the metrics on how their Facebook ads performed.