Billions of internet activity records tracked by Oracle’s BlueKai leaked online

Posted on Jun 22, 2020 by Caleb Chen
oracle's bluekai leaked billions of internet activity records

BlueKai, a company bought by Oracle in 2014, has leaked. The database of internet activity records was left on the open web in an unsecured server. The leaked data was discovered by Anurag Sen, who went through the disclosure process with the help of a cybersecurity firm called Hudson Rock. Thus far, Oracle has not officially announced the leak and didn’t indicate whether they informed the people that may have had their information breached. Additionally, they declined to indicate to TechCrunch whether or not they even reported the data leak to authorities, as law dictates.

Oracle is just one of the many companies that build these types of profiles on potential advertising targets. Some of them even get the information directly from your internet service provider (ISP) or mobile data provider because Congress voted to allow such privacy breaching activity in 2017. BlueKai uses a more traditional route with web cookies, tracking pixels, and other tracking tools that fingerprint users across the web. The internet activity records include web browsing activity, information about unsubscribe actions, the device and browser used, and more.

BlueKai had billions of internet history records, then it left them open for anybody to see

Bennett Cyphers of the Electronic Frontier Foundation told TechCrunch:

“There’s really no telling how revealing some of this data can be.”

When BlueKai sells the data to advertising companies, they remove personal information such as name and address from the records that are shared. However, the leaked information does contain deanonymizing information. In the leaked records, the TechCrunch team viewed personal information ranging from email address, physical address, full name, and more.

Some people often dismiss the privacy concerns of web browsing activity and internet history being siphoned up and sold wholesale. First off, the existence of that data means that it will be leaked at some point.

Cyphers commented to TechCrunch:

“Whenever databases like this exist, there’s always a risk the data will end up in the wrong hands and in a position to hurt someone.”

Secondly, while individually the websites we visit might not say much about ourselves as a whole; once thousands upon thousands of data points are gathered together, the information becomes more and more valuable to more and more entities. Cyphers explained to TechCrunch:

“Everyone has different things they want to keep private, and different people they want to keep them private from. When companies collect raw web browsing or purchase data, thousands of little details about real people’s lives get scooped up along the way.

This data leak is just one example of why internet privacy needs to be protected and championed. BlueKai’s mess-up won’t be the last time that internet activity records end up leaked on the internet.