The profiles of 48 million social network users were leaked from data firm Localblox, who left the data including Facebook, LinkedIn, and Twitter user information on a public server without a password.
The firm, which “automatically crawls, discovers, extracts, indexes, maps and augments data in a variety of formats from the web and from exchange networks,” pulls data from social networks such as Facebook, Twitter, LinkedIn, and even real estate website Zillow.
“Earlier this year, the company left a massive store of profile data on a public but unlisted Amazon S3 storage bucket without a password, allowing anyone to download its contents,” reported ZDNet. “The bucket, labeled ‘lbdumps,’ contained a file that unpacked to a single file over 1.2 terabytes in size. The file listed 48 million individual records, scraped from public profiles, consolidated, then stitched together.”
After the breach was discovered by security firm UpGuard, Localblox was notified, and the breach was “secured” several hours later.
“The data collected includes names and physical addresses, and employment information and job histories data scraped from Facebook and LinkedIn profiles — like dates of birth and other public profile data, and Twitter handles,” ZDNet explained. “Localblox has long boasted about the amount of data it can collect. A sample consumer profile on the company’s website purports to additionally include a person’s location, email addresses, IP addresses (which can in some cases identify a person’s location), phone numbers, postal addresses, salary, employer and job title, and other precise markers. The data can include, but not always, information such as if a person is a credit card user, their ‘Do Not Call’ preferences, marital status, and net worth.”
Localblox has previously claimed to have “more than 650 million records,” which according to UpGuard is used to “build a three-dimensional picture on every individual affected.”