Follow Slashdot stories on Twitter

 



Forgot your password?
typodupeerror
×
Security Facebook Privacy

Data Firm Leaks 48 Million User Profiles it Scraped From Facebook, LinkedIn, Others (zdnet.com) 56

Zack Whittaker, reporting for ZDNet: A little-known data firm was able to build 48 million personal profiles, combining data from sites and social networks like Facebook, LinkedIn, Twitter, and Zillow, among others -- without the users' knowledge or consent. Localblox, a Bellevue, Wash.-based firm, says it "automatically crawls, discovers, extracts, indexes, maps and augments data in a variety of formats from the web and from exchange networks." Since its founding in 2010, the company has focused its collection on publicly accessible data sources, like social networks Facebook, Twitter, and LinkedIn, and real estate site Zillow to name a few, to produce profiles.

But earlier this year, the company left a massive store of profile data on a public but unlisted Amazon S3 storage bucket without a password, allowing anyone to download its contents. The bucket, labeled "lbdumps," contained a file that unpacked to a single file over 1.2 terabytes in size. The file listed 48 million individual records, scraped from public profiles, consolidated, then stitched together.

This discussion has been archived. No new comments can be posted.

Data Firm Leaks 48 Million User Profiles it Scraped From Facebook, LinkedIn, Others

Comments Filter:
  • I'm not sure that word means what you think it means.

    • by Nidi62 ( 1525137 ) on Wednesday April 18, 2018 @01:36PM (#56459445)

      I'm not sure that word means what you think it means.

      the company left a massive store of profile data on a public but unlisted Amazon S3 storage bucket

      Cue the Congressional hearing with the 80 year old Congressman asking why Amazon even allows companies to store anything in these buckets if they have holes, and why they can't just stop the leaks with duct tape.

  • Where's the benefit of locking down this user data? It seems like, if we want to harm scammy companies like this, removing their profit motive by publishing all the (non-copyrighted) data makes sense.

  • I mean, personally, what would you as a typical slashdotter do with this data if you weren't too busy cleaning the I.T. closets?

    See who can build the most efficient script to "find Waldo"?

    • by rsborg ( 111459 )

      I mean, personally, what would you as a typical slashdotter do with this data if you weren't too busy cleaning the I.T. closets?

      See who can build the most efficient script to "find Waldo"?

      Grey hat:
      It'd be a great (though ethically questionable) corpus of data for training your AI for whatever sort of prediction data you want.

      Black hat:
      It'd also be a good for political targeting or looking for easily scammable people for spear-phishing or spam cons.

  • by Anonymous Coward

    If they sold it to Republicans they need to be dragged before Congress and publicly humiliated, otherwise this is a non-issue.

    • Low effort partisian bashing from an anonymous coward and inexplicibly getting upvotes...

      Yep, this one tastes like professional shilling. I think someone out there really wants to get this issues cut down along party lines. Good luck with that though, I don't think democrats OR republicans are too happy with Facebook over the sort of shit they let happen.

    • by rsborg ( 111459 )

      If they sold it to Republicans they need to be dragged before Congress and publicly humiliated, otherwise this is a non-issue.

      You jest but data like this should be a liability and treated as such. It would certainly be one if something like the European GDPR were in effect in the US.

      Facebook, Equifax and the like should be punished for their so-called "lapses in security".

  • by CaptnCrud ( 938493 ) on Wednesday April 18, 2018 @12:46PM (#56459057)

    Here is their publicly available personal info.

    http://www.localblox.com/ [localblox.com]

    George Fink - CEO/Marketer/Scumbag: https://www.linkedin.com/in/ge... [linkedin.com]
    Sabira Arefin - Founder/Entrepreneur(lol)/Scumbag: https://www.linkedin.com/in/sa... [linkedin.com]
    Colby Atwood - President/Marketer/Scumbag: https://www.linkedin.com/in/co... [linkedin.com]
    Ashfaq Rahman - Chief Data Scientist/Scumbag: https://www.linkedin.com/in/as... [linkedin.com]

  • by Anonymous Coward

    A little-known data firm was able to build 48 million personal profiles, combining data from sites and social networks like Facebook, LinkedIn, Twitter, and Zillow,

    That is data people posted publicly.

    Now if they did that with FB's "shadow profiles" of non-users, then maybe I can see a cause for being upset. But if people spew their private data to every advert company on the internet, inc the biggest data aggregators out there like FB, G and Linkedin, they do not have a "reasonable expectation of privacy". That's like publishing your drunken fratboy antics in the New York Times, and then being upset when someone reads about them.

    People have to start thinking about w

  • So, Zuckerberg.... repeat again that you don't sell data..
    • He doesn't. He sells lists of names that meet criteria. The data itself is too valuable to sell, just once.

      Facebook is upset that Cambridge Analytics did what Facebook does. Never throw away data and never miss a chance to collect more.

  • hmmmm, wait a second... *sniffs the smoke* *listens to the chanting mob* *Looks down at the pitchfork in his hands*. Yep. This is a witch-hunt.

    Now, don't get me wrong. I honestly despise this paticular brand of witch. These guys suck and their actions have a very anti-social bent to it. Their buisness model is abuse and intrusive. Fuck marketers. I know plenty well enough to protect myself, but "the masses" are just kinda generally dumb and enough are swayable into doing dumb things. Like using emacs

  • What a world (Score:5, Insightful)

    by jenningsthecat ( 1525947 ) on Wednesday April 18, 2018 @01:10PM (#56459211)

    A Canadian kid gets charged with "exploiting a vulnerability", (i.e. incrementing a number in a URL), and faces ten years in prison for archiving the FOI data he collected as a result. He had no idea he was doing anything wrong. (FOI? Hello!). These assclowns scraped data, and created 48 million personal profiles without consent. They knew full well what they were doing. Then they effectively published the data. Careless, much? Arguably they were criminally careless. They probably won't face any penalties at all. Go figure.

    • Well the kid was accessing data that was meant to be secured, if poorly. These researchers are accessing data that is meant to be public.

      They can do whatever they like with my linked in data, it was put up there for everyone in the world to see.

  • Wait, so a company that scraped data from public sources, left the data unsecured, and the public could access it?

    personal profiles...from sites and social networks like Facebook, LinkedIn, Twitter, and Zillow, among others - -- without the users' knowledge or consent.

    Are you telling me that users of social networks do not know that the public part of their profile is available publicly? What? Hey, there's plenty of privacy violations going around, but this isn't one of them. Save your outrage for any one of the many other examples.

  • by Anonymous Coward
    Order your own LexisNexis "Full File" - you will be shocked at the data this private company has collected on you. No shoe size (yet.) https://personalreports.lexisn... [lexisnexis.com] Also order your own LexisNexis "C.L.U.E. Auto Report" and "C.L.U.E. Personal Property Report" https://personalreports.lexisn... [lexisnexis.com] By Federal law, they are required to provide you with free reports once per year.
  • Was there a time when Amazon shipped S3 buckets public by default, with permissions wide open to the world? What is it with these S3 buckets.

    Last time I set up a public bucket (to share some of my photos to some friends), I had to explicitly set the checkbox, and it came up with "you can't just walk into Mordor" warning.

  • ... they scraped public data, and the problem is that they carelessly left it ... public?
  • Anyone got a link?
  • The general public is barely aware of 1, 2 or 3 companies that have collected and used information from public and private sources because of the left wing faux outrage that Trump was involved with 1 of them.

    What are they going to say when they find out its also LinkedIn and Twitter and every other 'free' service and more collecting/scraping/surveying/using/sharing/selling every shred of collected information to sell more advertising and or create relationships for their own purposes.

    This was so easy to pre

"Pok pok pok, P'kok!" -- Superchicken

Working...