The data scallies have been at it again, scooping up vast reams of personal data for ‘commercial’ purposes without asking the owner’s consent. This time it was US data firm LocalBlox.
In language that even the most obfuscating PR person would be proud of LocalBlox proudly declares on its website that it “automatically crawls, discovers, extracts, indexes, maps and augments data in a variety of formats from the web and from exchange networks.”
In plain English this means it gathers up information from the personal profiles users of social networks like Facebook, LinkedIn, Twitter, or as it LocalBlox prefers to say coyly, ‘exchange networks.’ In the case we’re outlining its 48 million people who have had their data nabbed.
In today’s climate, for many this is the unethical crossing of a moral line. But of course in other quarters it isn’t a transgression; rather it’s a profit inspired business opportunity. But it isn’t LocalBlox’s biggest misdemeanour.
Can you guess what it is? We’ll give you a clue; it begins with ‘s’.
Yes, that’s right its security.
LocalBlox trawled the web gathering names, email addresses, dates of birth, postal addresses, and in some cases individuals’ net worth. It then collated this information and consolidated it into a single unencrypted file over 1.2 terabytes in size.
This file was then placed on an Amazon S3 bucket. An Amazon S3 bucket is a unit of cloud-based storage available from Amazon Web Services (AWS).
However, when putting this enormous unencrypted file, approximately 48 million user records culled from ‘exchange networks’ into the storage bucket it made the most basic of errors. It didn’t protect it with a password.
This is an elementary mistake, a bit like leaving the house without getting dressed, and reinforced by the fact that AWS S3 bucket storage is a public cloud offering, which means it is used by many others too.
Thankfully, a sharp-eyed security researcher uncovered the digital blunder. But it could easily have been a malicious hacker gleefully rubbing his hands at the treasure trove of personal data.
What can we do?
There’s very little we can do at a personal level to protect against mistakes made by companies who harvest our data. But that said we can stop operations like LocalBlox from getting it in the first place:
- Be careful about what you share online – take the view that anyone and everyone can see it
- Think three times and then some more before divulging personal information
- Ensure the proper privacy settings are in place on your social networks to stop companies like LocalBlox using public access to scoop it up
It’s also important you’re using good security software like the next-gen protection, identity safeguarding BullGuard Premium Protection
. If any of your personal information is stolen and malicious hackers try and use for nefarious gains Premium Protection keeps you safe. Check it out.