The UpGuard Cyber Risk Team can now confirm that a cloud storage repository containing information belonging to LocalBlox, a personal and business data search service, was left publicly accessible, exposing 48 million records of detailed personal information on tens of millions of individuals, gathered and scraped from multiple sources.
The UpGuard Cyber Risk Team’s discovery and analysis of an exposed data repository belonging to AggregateIQ (AIQ), a British Columbia-based data firm, has taken readers around the globe, implicating a number of high-profile political customers in a number of countries. Part One of “The AggregateIQ Files” offered an exclusive look at how exposed technical tools designed for the presidential campaign of Senator Ted Cruz (R-TX) shed light on AIQ’s relationship with Cambridge Analytica - an embattled analytics shop recently revealed to have misused data from 87 million Facebook user accounts. In Part Two, we examined how the repository’s contents revealed AIQ’s work on behalf of a variety of political pressure groups in the United Kingdom - most of them heavily involved in the successful 2016 effort to vote to leave the European Union. In Part Three, we took a closer look at the tools revealed to have been built and stored in the unsecured repository - technical mechanisms capable of highly sophisticated tracking and microtargeting of individuals across the internet. In this installment, Part Four of “The AggregateIQ Files,” we return to examine data revealed in the exposure showing AIQ’s involvement in political efforts closer to its home base of Victoria, British Columbia. While AggregateIQ’s work on behalf of a number of Canadian politicians is already known, this data provides clear insight into what specific assets were built and possessed by AIQ for their clients, along with previously unreported information - including about exposed credentials and passwords.
In Part One of this series, “The AggregateIQ Files,” we explained how the UpGuard Cyber Risk Team’s discovery of a publicly downloadable data repository operated by British Columbia-based data firm AggregateIQ (AIQ) exposed technical tools used for political operations around the world, including the presidential campaign of Senator Ted Cruz (R-TX). In Part Two, we explored how the exposed repository shed light on AIQ’s work in the United Kingdom involving a number of organizations, including a Northern Irish political party crucial to Prime Minister Theresa May’s government and the official campaign in favor of the UK’s exit from the European Union.
In an incident that calls to mind multiple data breaches in the analytics and influencing industries, the UpGuard Cyber Risk Team can now report that data relating to a number of subsidiaries of Kansas City holding company Blue Chair LLC, such as lead generation company Target Direct Marketing, was left exposed online, revealing personally identifiable information for over one million individuals seeking further information about higher education. Revealed in the repository are personal details for these million individuals, including their names, email addresses, phone numbers, and, in some cases, information such as the person’s high school graduation year and area of study. Also exposed in this leak are what appear to be backups of a set of server configurations for a large network of feeder websites designed to draw consumers toward the for-profit education application process.
In a striking illustration of how cyber risk affects even the newest and most novel enterprises in the digital economy, the UpGuard Cyber Risk Team can now disclose that a cloud repository belonging to Octoly, a Paris-based brand marketing company, was left exposed, revealing a backup of their enterprise IT operations and sensitive information about thousands of the firm’s registered online personalities. The leak, which resulted from the erroneous configuration of the repository for public access, revealed the contact information and personal details of over twelve thousand influential "creators" - largely Instagram, Twitter, and YouTube personalities supplied by Octoly with beauty products, merchandise, and gaming content from the marketing firm’s industry clients, which include household names like Dior, Estée Lauder, Lancôme, and Blizzard Entertainment.