LocalBox Suffers Data Leak – 48 Million Facebook, LinkedIn, Others Profiles Affected

Data collecting company LocalBox was recently exposed for leaking its own data. The leak affects 48 million profiles spread across Facebook, LinkedIn, and more.

It’s the latest development in the ongoing Facebook privacy saga. Already, Facebook is taking fire for allowing companies like Cambridge Analytica to mine the data of Facebook profiles. Initial reports had the number of profiles affected at 50 million. That number has since ballooned to 78 million. More recently, the number seems to keep growing as the number of profiles affected is seemingly heading north of 80 million.

The revelations have gotten officials from Facebook and Cambridge Analytica to testify before government committees in the UK, the US, and Canada.

With Facebook under the microscope, the last thing they want is word of an actual data leak affecting their users. Unfortunately for Facebook, the worst case scenario came true.

Reports are surfacing that say that another data mining company has suffered a data leak. Unlike the Cambridge Analytica story, this is the proper use of the term “data leak”. According to ZDNet, profiles scraped from several social media websites were posted publicly to yet another Amazon S3 storage bucket. From the report:

A little-known data firm was able to build 48 million personal profiles, combining data from sites and social networks like Facebook, LinkedIn, Twitter, and Zillow, among others — without the users’ knowledge or consent.

Localblox, a Bellevue, Wash.-based firm, says it “automatically crawls, discovers, extracts, indexes, maps and augments data in a variety of formats from the web and from exchange networks.” Since its founding in 2010, the company has focused its collection on publicly accessible data sources, like social networks Facebook, Twitter, and LinkedIn, and real estate site Zillow to name a few, to produce profiles.

But earlier this year, the company left a massive store of profile data on a public but unlisted Amazon S3 storage bucket without a password, allowing anyone to download its contents.

The bucket, labeled “lbdumps,” contained a file that unpacked to a single file over 1.2 terabytes in size. The file listed 48 million individual records, scraped from public profiles, consolidated, then stitched together.

This latest development will no doubt cause a lot more controversy in the Facebook privacy debate. For those who know a thing or two about online privacy, some might scoff at the idea that public profiles could be considered private information. While it is easy to dismiss the value of the data, such data would still, at minimum, be useful to marketing companies. So, it is not as though the data is useless by any means.

At any rate, this latest development for Facebook would be like stubbing their toe a second time. Already suffering from the negative PR from the Cambridge Analytica controversy, it’s going to make for some even more interesting days ahead for the Facebook PR team.

Drew Wilson on Twitter: @icecube85 and Google+.


1 Trackback

Leave a Reply

Your email address will not be published. Required fields are marked *