LocalBlox

Original Release Date: 4/20/2018

Summary

LocalBlox, a company that collects data from public web profiles, left details of over 48 million users publicly accessible via an unsecured Amazon Web Services (AWS) S3 bucket. On February 28, an UpGuard researcher discovered the S3 bucket containing a 1.2 TB file of what appeared to be a backup of the LocalBlox database; UpGuard notified LocalBlox, which secured the server that same day. The file contained publicly accessible data collected from Facebook, LinkedIn, Twitter, and Zillow, and included names, physical addresses, dates of birth, LinkedIn job history, Twitter handles, and some IP and email addresses. While the information contained in the S3 bucket is public information, the exposure highlights the continued risk associated with misconfigured and unsecured AWS S3 buckets.

Recommendations

The NJCCIC recommends that administrators of AWS S3 buckets and other cloud databases review our previous NJCCIC Cyber Alert on the risks associated with misconfigured S3 buckets, audit their security settings, and implement the mitigation strategies provided as soon as possible.

New Jersey Cybersecurity & Communications Integration Cell
