LocalBlox leaked 48 million personal data records

The US data organization LocalBlox exposed an insecure online AWS library on the Internet that included some 48 million records from Facebook, LinkedIn, and Twitter.

The UpGuard Cyber Risk Team can now confirm that a cloud storage repository containing information belonging to LocalBlox, a personal and business data search service, was left publicly accessible, exposing 48 million records of detailed personal information on tens of millions of individuals, gathered and scraped from multiple sources.” UpGuard posted a blog post describing it.

The AWS S3 bucket was discovered on February 18 by UpGuard’s director of cyber risk research, Chris Vickery, and it was exposed in the subdomain “lbdumps”.The bucket contains a single 151.3 GB compressed file titled “final_people_data_2017_5_26_48m.json”. After decompression, 1.2TB of data files will be obtained.


Analysis of the metadata in the file has led researchers to speculate that it belongs to LocalBlox.Records include data collected from social media such as name, address, and date of birth.It is easy to think of the nearest Cambridge Analytica case.

In the wake of the Facebook/Cambridge Analytica debacle, the importance of massive sets of psychographic data is becoming more and more apparent. The exposed LocalBlox dataset combines standard personal information like name and address, with data about the person’s internet usage, such as their LinkedIn histories and Twitter feeds.

More serious than the Facebook data breach scandal, Localblox collects data that is more aggressive, including highly sensitive personal information, and can even correspond to each individual’s personal identity—all without user consent. What happened next.This data is stored as a JSON file and can be read directly.The data includes name, home address, job information, career history, etc.


Localbox also frequently boasted about what they could collect before.The sample information on the company’s website claims that it also contains a person’s location, email address, IP address, telephone number, zip code, salary, employer, job title, and other precise information.Some data even includes whether a person has a credit card, marital status, and net assets.

After the researchers notified, LocalBlox had password protected the database on the same day, but no statement was issued on this occasion.

Source: securityaffairs