48 mn Social Media Records Exposed Publicly in Misconfigured Cloud Storage Platform

It has been reported that LocalBlox, a data search service provider who automatically scrapes data in a variety of formats from the web and exchange networks, has been found to expose around 48 million records of personal information gathered from multiple sources, including social media platforms like Facebook, LinkedIn, Twitter etc.

Discovered by the security firm UpGuard, the data was exposed via a misconfigured Amazon Web Services (AWS) S3 storage instance.

Christopher Littlejohns, EMEA engineer at Synopsys, said: "Whilst this data breach has strong similarities to multiple other AWS misconfiguration issues that resulted in data breaches, and the data was “publicly available”, the data captured was interesting in that it consolidated personal information scraped from thousands of web sites. The net result is that it made it easy for an attacker to gain access to a pool of data that would be valuable for subsequent social engineering attacks, account hacking and identity fraud.

"Any company that collects, consolidates, but does not adequately secure such data is essentially exposing people to higher risk of being targeted. They, therefore, have an even stronger duty of care as they are effectively creating developed intelligence on people that can be used for criminal purposes."