Image used with permission of the copyright holder
After Facebook found itself embroiled in the Cambridge Analytica data scandal that affected the personal data of 87 million of its users, the company has once again been linked to another data breach. This time, Localblox is the culprit.
Like Cambridge Analytica, Localblox creates profiles of individuals using information from publicly available sources, such as social network profiles on LinkedIn, Facebook, Twitter and Zillow. Localblox Chief Technology Officer Ashfaq Rahman describes the process to ZDNet as creating transformative intelligence by putting bits and pieces together. The Crunchbase listing describes Localblox as “a location-based social network that builds scalable neighborhood platforms, aggregating business profiles with metadata.”
Unfortunately for the company, the collected data was stored in an unsecured and unlisted Amazon S3 bucket, as discovered by ethical data breach hunter Chris Vickery of cybersecurity research firm UpGuard. The combined files totaled 1.2 terabytes of storage space, and up to 48 million user profiles were stored without passwords. Localblox quickly secured password access within hours of Vickery’s notification.
“Data collected includes names and physical addresses, employment information, and job history data pulled from Facebook and LinkedIn profiles — such as dates of birth and other information from public profiles and Twitter handles,” ZDNet reported after reviewing files collected by Vickery .
Rahman disputed Vickery’s reports, claiming that much of the data was fabricated for testing, and that Vickery had hacked Localblox’s systems.
It is unclear what legal ramifications, if any, Localblox will suffer for collecting data without user consent. Facebook, LinkedIn, Twitter and Zillow have policies against data scraping, but there are no laws in the US that allow people to remove their personal data after it is collected by companies like Cambridge Analytica and Localblox. In Europe, consumers benefit from stricter digital privacy regulations.
Once collected, the collected data can be used in powerful ways, as Cambridge Analytica demonstrated with its involvement in Donald Trump’s presidential election campaign.
“The exposed LocalBlox dataset combines standard personal information like name and address, with information about the person’s Internet usage, such as their LinkedIn history and Twitter feeds,” UpGuard wrote in the report. “This combination begins to build a three-dimensional picture of each affected individual—who they are, what they talk about, what they like, even what they do for a living—essentially a blueprint from which to create targeted persuasive content, like advertising or a political campaign. If legitimate uses of data are not enough to stop, illegitimate uses range from traditional identity theft, fraud, to ammunition for social engineering fraud such as identity theft.”
In a 2013 interview with StreetFight, Localblox president Sabira Arefin placed the blame for data protection on networks like Facebook, saying, “It’s up to the individual sites and the system to set the terms and conditions and then implement all the security mechanisms if you want to prevent scraping.”
Editor’s recommendations
Categories: GAMING
Source: newstars.edu.vn