In the wake of the Facebook- Cambridge Analytica scandal, social media data aggregation firm LocalBlox left an AWS bucket misconfigured revealing 48 million records gleaned from publicly available data on Facebook, LinkedIn and Twitter profiles
UpGuard Cyber Risk Team researchers identified the exposed data including names, physical addresses, job histories, and dates of birth of users across the various social media platforms, according to an April 18 blog post.
The company reportedly combines the gleaned information with data from the Zillow real estate site to blend the information into larger data pools. Researchers said the firm’s database appears to work by tracking an IP address, matching collected data to that IP address when able, and thus providing a clearer image of the behavior and background of the user at that IP address.
“Also, of interest are exposed source fields, providing some indication of where the scraps of data were collected from,” researchers said in the post. “Some are fairly unambiguous, pointing to aggregated content, purchased marketing databases, or even information caches sold by payday loan operators to businesses seeking marketing data.”
The Amazon storage bucket was discovered on February 18th, 2018 and contained one 151.3 GB compressed file, which, when decompressed, revealed a 1.2 TB ndjson (newline-delineated json) file.
Christopher Littlejohns, EMEA engineer at Synopsys, told SC Media any company that collects, consolidates, but does not adequately secure such data is essentially exposing people to higher risk of being targeted.
“Whilst this data breach has strong similarities to multiple other AWS misconfiguration issues that resulted in data breaches, and the data was “publicly available”, the data captured was interesting in that it consolidated personal information scraped from thousands of web sites,” Littlejohns said. “The net result is that it made it easy for an attacker to gain access to a pool of data that would be valuable for subsequent social engineering attacks, account hacking and identity fraud.”
Littlejohns went on to say these companies have an even stronger duty of care as they are effectively creating developed intelligence on people that can be used for criminal purposes. Experts agree, RedLock Chief Executive Officer Varun Badhwar said this is a glaring example of irresponsibility.
“It borders on the ridiculous that a company who aggregates and sells consumer information based on scraping public data sources would apparently be negligent insofar as protecting their own cloud resources,” Badhwar said. “Enterprises need to be proactive in ensuring both the compliance and security of their cloud assets. While resource misconfiguration is not uncommon, the unintended consequences in terms of data exposure can be massive.”