A cybersecurity firm called UpGuard has tied Facebook — as well as other popular consumer sites — to another data leak.
UpGuard’s Chris Vickery revealed details about the leak last week, after first discovering the situation in February. Vickery says he found 48 million profiles, constructed using technology that scrapes public data from sites like Facebook, Zillow, and Twitter, in an Amazon S3 storage container without a password. Vickery finds data vulnerabilities and breaches as part of UpGuard’s cyber risk team.
The profiles were created by a Bellevue, Wash., company called LocalBlox, which offers a variety of marketing and business intelligence tools. LocalBlox’s software starts with a person or company and searches the internet for publicly available information on that entity that has been posted to sites like Facebook, LinkedIn, Twitter, and Zillow. LocalBlox then creates profiles based on that information, which can be used for commercial purposes like marketing.
LocalBlox CEO Ashfaq Rahman told GeekWire that his team was not able to reproduce whatever Vickery did to access the files and stressed that no one else obtained the data housed in the Amazon container. His team secured the data when Vickery alerted them in February.
Rahman insists that LocalBlox’s information has never been and will never be used to push a political agenda, the way that Cambridge Analytica did in a larger data leak exposed in March.
But the user data LocalBlox collects does echo the psychographic profiles created by Cambridge Analytica, a Republican-backed political strategy firm that illegitimately obtained profile data from up to 87 million Facebook users. Facebook is still dealing with the fallout of that scandal, and it is making many users confront, for the first time, the sophisticated ways their online data is being used.
This, Vickery says, is the new normal. Big data is big business and some of the most successful companies in the world have built their empires on information that their users provide in exchange for free services. Consumers are just now starting to realize the true cost of that trade.
The success of these big tech companies has led smaller startups, like LocalBlox, to jump into the market.
“If you look at Google, Facebook, the reason they’re the most powerful companies in the world is because they’re relevant,” said Rahman, LocalBlox’s CEO. “When you go to Google, you get relevant search results and there’s a lot of intelligence that goes behind generating relevant experiences. That’s what we’re focusing on.”
Vickery says he found IP addresses, phone numbers, home addresses, email addresses, living history, and other personal data in the LocalBlox container.
LocalBlox and other companies like it are emphatic that the data they collect would never be supplied to people with ethically dubious intentions. “We absolutely will never allow our data to be used for that kind of purpose,” Rahman said.
But leaks like this one take on a new significance in the wake of the Facebook scandal. Consumers are becoming more educated about companies that deal in data, and lawmakers are trying to figure out how to regulate this new frontier.
“The upshot is people are becoming more and more aware that it’s happening,” Vickery said. “People are starting to get more and more outraged and put pressure on lawmakers to clamp down and rein in the abusers.”
In the meantime, large stores of personal data represent an opportunity for bad actors online. Out of curiosity, Vickery searched the LocalBlox data for people using NSA email addresses. He says he found “quite a few.”
“It’s just a huge treasure chest for anybody that would want to do real nation-state level investigations,” he said.