Millions of scraped public social net profiles left in open AWS S3 box

Poorly configured cloud buckets strike again – this time, LocalBlox fingered


US social network data aggregator LocalBlox has been caught leaving its AWS bucket of 48 million records – harvested in part from public Facebook, LinkedIn and Twitter profiles – available to be viewed by anyone who stopped by.

Security biz Upguard wandered by on February 18, and found the publicly accessible files in a misconfigured AWS S3 storage bucket located at the subdomain "lbdumps." There's no evidence that anyone else stopped by for a peek, but it's possible.

We're told the S3 bucket contained a single 151.3GB compressed representation of a 1.2TB ndjson (newline-delimited JSON) file, a database said to describe "tens of millions of individuals."

Upguard, in a blog post on Wednesday, said it informed LocalBlox on February 28, and the bucket was secured later that day.

Poorly configured AWS S3 buckets have been a source of shame for Amazon Web Services and its users. Last year, the cloud platform giant introduced a tool to warn customers about insecure storage setups, and earlier this year it made the business version of the tool free, to avoid embarrassment by association.
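As an added illustration of the kind of check that would have caught a bucket like this (this is not code from the article, from Upguard or from LocalBlox, and the bucket name and ACL records below are constructed sample data), here is a small audit that flags a bucket whose ACL grants access to the AWS "AllUsers" or "AuthenticatedUsers" groups and reports which Block Public Access settings are missing. The pure functions run offline; `collect_live()` is an optional wrapper around the real boto3 calls `get_bucket_acl`, `get_public_access_block` and `get_bucket_policy_status` for use against your own account.

```python
"""Audit S3 bucket exposure: public ACL grants vs. Block Public Access settings.

Added example; the sample bucket data is constructed, not taken from any real account.
"""

# Real grantee group URIs that S3 uses to mean "everyone" / "any AWS account".
PUBLIC_GRANTEE_URIS = {
    "http://acs.amazonaws.com/groups/global/AllUsers",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers",
}

# The four Block Public Access switches, as returned by get_public_access_block.
PAB_KEYS = ("BlockPublicAcls", "IgnorePublicAcls", "BlockPublicPolicy", "RestrictPublicBuckets")


def public_acl_grants(grants):
    """Return (grantee URI, permission) pairs that expose the bucket beyond its owner."""
    hits = []
    for grant in grants:
        grantee = grant.get("Grantee", {})
        if grantee.get("Type") == "Group" and grantee.get("URI") in PUBLIC_GRANTEE_URIS:
            hits.append((grantee["URI"], grant.get("Permission")))
    return hits


def public_access_block_gaps(config):
    """Return the Block Public Access settings that are absent or False."""
    return [key for key in PAB_KEYS if not config.get(key, False)]


def assess_bucket(name, grants, pab_config, policy_is_public=False):
    """Combine ACL, Block Public Access and policy status into one finding.

    An existing public ACL grant only takes effect when IgnorePublicAcls is off;
    a public bucket policy only takes effect when RestrictPublicBuckets is off.
    """
    acl_hits = public_acl_grants(grants)
    gaps = public_access_block_gaps(pab_config)
    acl_effective = bool(acl_hits) and "IgnorePublicAcls" in gaps
    policy_effective = policy_is_public and "RestrictPublicBuckets" in gaps
    return {
        "bucket": name,
        "public_grants": acl_hits,
        "pab_gaps": gaps,
        "effectively_public": acl_effective or policy_effective,
    }


def collect_live(bucket_name):
    """Fetch the real settings for one bucket (needs boto3 and AWS credentials)."""
    import boto3
    from botocore.exceptions import ClientError

    s3 = boto3.client("s3")
    grants = s3.get_bucket_acl(Bucket=bucket_name)["Grants"]
    try:
        pab = s3.get_public_access_block(Bucket=bucket_name)["PublicAccessBlockConfiguration"]
    except ClientError as err:
        if err.response["Error"]["Code"] != "NoSuchPublicAccessBlockConfiguration":
            raise
        pab = {}  # never configured: every switch counts as off
    try:
        policy_public = s3.get_bucket_policy_status(Bucket=bucket_name)["PolicyStatus"]["IsPublic"]
    except ClientError as err:
        if err.response["Error"]["Code"] != "NoSuchBucketPolicy":
            raise
        policy_public = False
    return assess_bucket(bucket_name, grants, pab, policy_public)


# Constructed sample: a bucket whose ACL gives READ to everyone (the pattern behind
# "open to anyone who stopped by") and, for comparison, a fully locked-down PAB config.
SAMPLE_EXPOSED_GRANTS = [
    {"Grantee": {"Type": "CanonicalUser", "ID": "owner-id-placeholder"}, "Permission": "FULL_CONTROL"},
    {"Grantee": {"Type": "Group", "URI": "http://acs.amazonaws.com/groups/global/AllUsers"}, "Permission": "READ"},
]
SAMPLE_LOCKED_PAB = {key: True for key in PAB_KEYS}


if __name__ == "__main__":
    for label, pab in (("no Block Public Access", {}), ("Block Public Access on", SAMPLE_LOCKED_PAB)):
        finding = assess_bucket("example-dump-bucket", SAMPLE_EXPOSED_GRANTS, pab)
        print(label, "->", finding)
```

The point of the comparison is that the same public ACL is harmless once `IgnorePublicAcls` is on, which is why the account-level Block Public Access switches are the first thing to check; the ACL and policy findings tell you what would be exposed if someone turned them off.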

Still, the problem persists and the forecast continues to look bleak. Last year, Gartner research VP Jay Heiser predicted that through 2020, "95 percent of cloud security failures will be the customer's fault."

According to Upguard, the data profiles appear to have been collected from multiple sources. They include names, street addresses, dates of birth, job histories scraped from LinkedIn, public Facebook profiles, Twitter handles, and Zillow real estate data, all linked by IP addresses.

Some of the data, the security company suggests, appears to have come from purchased databases and payday loan operators. Other data points – associated with queries like pictures, skills, lastUpdated, companies, currentJob, familyAdditionalDetails, Favorites, mergedIdentities, and allSentences – appear to have been scraped through searches of Facebook.

LocalBlox has posted samples of its data profiles on its website.

"The presence of scraped data from social media sites like Facebook also highlights an important fact: all too often, data held by widely used websites can be targeted by unknown third parties seeking to monetize this information," Upguard said.

Facebook CEO Mark Zuckerberg recently acknowledged "we believe most people on Facebook could have had their public profile scraped" by "malicious actors."

Zuckerberg, testifying before Congress in the wake of the Cambridge Analytica scandal, insisted Facebook users have control over their data. From this case it looks more like no one has much control over it.

LocalBlox did not immediately respond to a request for comment. ®
