Skip to main content

Localblox data breach is the latest nightmare for Facebook, LinkedIn

Image used with permission by copyright holder

After Facebook found itself embroiled in the Cambridge Analytica data scandal that affected the personal information of 87 million of its users, the company is once again tied to another data breach. This time, Localblox is the culprit.

Like Cambridge Analytica, Localblox creates profiles of individuals using information scraped from publicly accessible sources, like social network profiles on LinkedIn, Facebook, Twitter, and Zillow. Localblox chief technology officer Ashfaq Rahman describes the process to ZDNet as creating transformative intelligence by joining bits and pieces together. A listing on Crunchbase describes Localblox as “a location-based social network that builds scalable neighborhood platforms, aggregating business profiles with metadata.”

Unfortunately for the company, the collected data was stored in an unsecured and unlisted Amazon S3 container, which was discovered by ethical data breach hunter Chris Vickery at cybersecurity research firm UpGuard. The combined files amounted to 1.2 terabytes of storage, and up to 48 million user profiles were kept without a password. Localblox had quickly secured access with a password within hours of Vickery’s notification.

“The data collected includes names and physical addresses, and employment information and job histories data scraped from Facebook and LinkedIn profiles — like dates of birth and other public profile data, and Twitter handles,” ZDNet reported after examining the files Vickery collected.

Rahman disputed Vickery’s reports, claiming that most of the data was fabricated for testing, and that Vickery had hacked into Localblox’s systems.

It’s unclear what legal repercussions, if any, Localblox will suffer as a result of its collection of data without user consent. Facebook, LinkedIn, Twitter, and Zillow all have policies prohibiting data scraping, but there are no laws in the U.S. that allow people to remove their personal data once it has been collected by firms like Cambridge Analytica and Localblox. In Europe, consumers benefit from stricter digital privacy regulations.

When compiled, the scraped data could be used in powerful ways, as Cambridge Analytica has shown with its involvement in Donald Trump’s presidential election campaign.

“The exposed LocalBlox dataset combines standard personal information like name and address, with data about the person’s internet usage, such as their LinkedIn histories and Twitter feeds,” UpGuard wrote in a report. “This combination begins to build a three-dimensional picture of every individual affected — who they are, what they talk about, what they like, even what they do for a living — in essence a blueprint from which to create targeted persuasive content, like advertising or political campaigning. If the legitimate uses of the data aren’t enough to give pause, the illegitimate uses range from traditional identity theft, to fraud, to ammunition for social engineering scams such as phishing.”

In an interview with StreetFight in 2013, Localblox president Sabira Arefin shifted the data protection blame to networks like Facebook, stating, “it is up to the individual sites and system to determine the terms and conditions and then enforce any security mechanism in place if they want to prevent scraping.”

Editors' Recommendations

Chuong Nguyen
Silicon Valley-based technology reporter and Giants baseball fan who splits his time between Northern California and Southern…
TikTok continues to rebut reports of a security breach
The TikTok app on a smartphone's screen. The smartphone is sitting on a white table.

Popular short-form video app TikTok recently found itself having to refute claims that it had been hacked, and is continuing to rebut the charge.

According to BleepingComputer, as early as late last week, a hacking group known as AgainstTheWest, posted to a forum saying that it had hacked TikTok and a messaging app known as WeChat. The forum post also included screenshots, which were of "an alleged database belonging to the companies, which they say was accessed on an Alibaba cloud instance containing data for both TikTok and WeChat users."

Read more
You can now use the Add Yours sticker on Reels for Facebook and Instagram
A series of three mobile screenshots on a gray background showing the new Add Yours sticker for Facebook Reels.

As of today, Facebook and IG creators have six new features they can use for their Reels content. But of the six, the most intriguing feature is support for a sticker prompt that was first used and popularized in Instagram Stories.

Meta announced via a Facebook video post that, in addition to all of its other new Reels-focused features, it would now offer support for its Add Yours sticker prompt in Reels for both Instagram and Facebook.

Read more
What does a check mark mean on Facebook Messenger?
A series of social media app icons on a colorful smartphone screen.

If you've ever sent a message to a friend on Facebook Messenger, you've probably noticed a little check mark icon next to the message you sent.

They're nothing to worry about, but these check mark icons do offer up a little information on the status of the Messenger messages you send. Want to know what each of these check mark icons means? Keep reading to find out.
What does a check mark mean on Messenger?

Read more