LocalBlox exposes 48 million people in latest social media security lapse
Many people have been shocked by the scale of the ecosystem that has built up around the use of social media data by third parties involved in activities from app design and marketing to more nefarious work like that of Cambridge Analytica. One of the main reasons this trade in data is so worrying is that there is no guarantee that these companies are properly securing the information they use.
These concerns have been validated by the recent disclosures about LocalBlox, a Washington-based company data firm. The company is responsible for exposing the personal data of 48 million social media users to significant security risk.
A huge security lapse
The revelations about LocalBlox highlight the worst aspects of the trade in user data, with the company showing a complete lack of any basic knowledge of data security.
The company, which claims to have built a “comprehensive cross-device identity graph” on consumers and businesses, took information from the personal profiles of millions of users of Facebook, LinkedIn, Twitter and other sites. This data included people’s names, email addresses, dates of birth and postal addresses, which the company consolidated into a single unencrypted file.
It then placed all of this incredibly sensitive information in an Amazon S3 bucket. What the company had failed to do, though, was set up a password for its bucket. This meant that anyone could not only look at the collected data, but also download it for their own uses.
This huge error was spotted by security researcher Chris Vickery, who immediately alerted the company to the vulnerability. LocalBlox acted to secure the data within hours of Vickery’s discovery, but it is hard to tell how long the data was available for public download.
Unfortunately, these kinds of incidents are not likely to be isolated to LocalBlox. Vickery has spent years highlighting how a worryingly large number of companies are not as airtight with their data as would be reasonably expected.
It can be easy to feel powerless. If companies that you’ve never heard of are able to get their hands on the personal data of millions of people without having to prove they can secure it, what can the average consumer do to protect themselves?
The answer is that there is a lot you can do. The first step is to be very careful about the information that you share online. If you are uncomfortable with the amount of information a site is asking for, you could reconsider whether you actually need to engage with it at all. If you do choose to make use of the site, make sure to take a good look at its privacy settings. You may be able to restrict the ways in which the company shares your data.
You can also make use of a VPN to make it more difficult for sites to accurately track you online. While this will help, the main thing that consumers need to do is educate themselves about the way these companies may be using their data and take steps to rebalance the relationship.