
Data firm leaks 48 million user profiles it scraped from Facebook, LinkedIn, others

You know how we are all mad at Facebook for their data collection and subsequent less-than-stellar security for it all? Once kind of an afterthought, it all came to the forefront with news of the Cambridge Analytica breach.

In the weeks since, Facebook’s Mark Zuckerberg has testified before Congress while millions of people have gone on to update their privacy settings, if not deactivate or delete Facebook altogether. Truthfully, it all might have been a long time coming.

But while Facebook is being rightfully slammed for what it has done, it is not alone in having lax or non-existent privacy controls. Indeed, other social media-type sites have suffered through similar issues.

How about another 48 million profiles?

We have learned that a data firm known as Localblox was able to piece together about 48 million personal profiles by scraping together data from various sites, including Facebook, LinkedIn and Twitter.

If that isn’t bad enough, Localblox left its files on a public-but-unlisted Amazon S3 storage bucket without a password, which allowed anyone to download it all. Oops.

The bucket was discovered by someone with the security firm UpGuard, who then alerted Localblox to the problem. But what was in the bucket, actually?

What was leaked?

How about names, addresses, employment information, job histories, birthdays, email addresses, family information and photos? The firm may also know whether or not you use a credit card, your marital status, net worth and whether or not you are on the “Do Not Call” list.

Just think, all of this information was out in the open for anyone to download and view. The file was more than 12 terabytes in size and contained a whopping 48 million profiles.

How data collection is not really a secret

The firm, which is based in Bellevue, Washington, prides itself on data collection. The front page of its website promotes the “World’s Most Comprehensive Cross Device Identity Graph on business, Consumers and Geo Audiences,” with an image that shows a photo along with a name, address, phone number, email, age, gender, pet ownership and income.

Localblox also says it has a U.S. voter database of 180 million citizens, and given what we’ve learned via Cambridge Analytica, that itself is pretty concerning.

None of this is technically illegal, and it’s easy to understand why all that information could be of value to organizations. As creepy and invasive as it is for the rest of us, it has become one of the prices we pay for our online society.

What’s the aftermath?

Localblox claims none of the data was taken by anyone and that, furthermore, most of it was fabricated for internal tests. As for the data collection, they believe it is up to each individual site to determine its security terms and conditions.

In other words, if sites don’t want to have their data scraped by firms like Localblox, it is up to them to prevent it from happening. Yeah…about that…

If nothing else, this is just another reminder that none of what we do online is ever truly private. We should all certainly pay more attention to security settings with every site we use, but ultimately, if we are providing data, there are organizations that will collect it.

Whether what’s happening now will lead to changes in the laws governing all of this remains to be seen.
