
Localblox data breach is the latest nightmare for Facebook, LinkedIn


After Facebook found itself embroiled in the Cambridge Analytica data scandal that affected the personal information of 87 million of its users, the company is once again tied to a data breach. This time, Localblox is the culprit.

Like Cambridge Analytica, Localblox creates profiles of individuals using information scraped from publicly accessible sources, like social network profiles on LinkedIn, Facebook, Twitter, and Zillow. Localblox chief technology officer Ashfaq Rahman describes the process to ZDNet as creating transformative intelligence by joining bits and pieces together. A listing on Crunchbase describes Localblox as “a location-based social network that builds scalable neighborhood platforms, aggregating business profiles with metadata.”


Unfortunately for the company, the collected data was stored in an unsecured and unlisted Amazon S3 bucket, which was discovered by ethical data breach hunter Chris Vickery at cybersecurity research firm UpGuard. The combined files amounted to 1.2 terabytes of storage, and up to 48 million user profiles were kept without a password. Localblox secured access with a password within hours of Vickery’s notification.


“The data collected includes names and physical addresses, and employment information and job histories data scraped from Facebook and LinkedIn profiles — like dates of birth and other public profile data, and Twitter handles,” ZDNet reported after examining the files Vickery collected.

Rahman disputed Vickery’s reports, claiming that most of the data was fabricated for testing, and that Vickery had hacked into Localblox’s systems.

It’s unclear what legal repercussions, if any, Localblox will suffer as a result of its collection of data without user consent. Facebook, LinkedIn, Twitter, and Zillow all have policies prohibiting data scraping, but there are no laws in the U.S. that allow people to remove their personal data once it has been collected by firms like Cambridge Analytica and Localblox. In Europe, consumers benefit from stricter digital privacy regulations.

When compiled, the scraped data could be used in powerful ways, as Cambridge Analytica has shown with its involvement in Donald Trump’s presidential election campaign.

“The exposed LocalBlox dataset combines standard personal information like name and address, with data about the person’s internet usage, such as their LinkedIn histories and Twitter feeds,” UpGuard wrote in a report. “This combination begins to build a three-dimensional picture of every individual affected — who they are, what they talk about, what they like, even what they do for a living — in essence a blueprint from which to create targeted persuasive content, like advertising or political campaigning. If the legitimate uses of the data aren’t enough to give pause, the illegitimate uses range from traditional identity theft, to fraud, to ammunition for social engineering scams such as phishing.”

In an interview with StreetFight in 2013, Localblox president Sabira Arefin shifted the data protection blame to networks like Facebook, stating, “it is up to the individual sites and system to determine the terms and conditions and then enforce any security mechanism in place if they want to prevent scraping.”

Chuong Nguyen
Silicon Valley-based technology reporter and Giants baseball fan who splits his time between Northern California and Southern…