Info-tech

Billions of records from Oracle’s BlueKai exposed online due to security lapse: Report

Hemani Sheth Mumbai | Updated on June 20, 2020 Published on June 20, 2020

Billions of records belonging to a database maintained by cloud platform BlueKai were left exposed online due to a security lapse, according to a TechCrunch report.

BlueKai, a startup acquired by Oracle in 2014 maintains a large database acquired through web tracking. It is meant to map user trends online in order to help marketers target potential consumers, the report said.

BlueKai uses website cookies and other tracking technology to track user activity on the web. The data is meant to help advertisers create targeted ads.

However, due to a security lapse in one of the servers which were left without a password, billions of records from a database were exposed online. The data breach was discovered by security researcher Anurag Sen who the reported his findings to tech major Oracle through Roi Carthy, chief executive at cybersecurity firm Hudson Rock, the report said.

TechCrunch then reviewed the data shared by Sen. The data contained records of personal information including names, home addresses, email addresses and other identifiable data. Some of the records were detailed enough to trace back a person based on their online activity. In one instance, TechCrunch based on the records was able to trace back a €10 bet on an esports betting site on April 19 back to a man in Germany with details including his name.

The data also contained web browsing activity ranging from online purchases to newsletter unsubscribes as per the report.

BlueKai tracks a user’s online activity and habits based on multiple sources. This data are known as a web browser’s “user-agent” is usually in fragments. However, when put together, it can trace back to a person based on their “digital fingerprint.”

According to an estimate by the website Whotracks, BlueKai tracks over 1 per cent of all web traffic including major sites having a BlueKai tracker. These sites include Amazon, ESPN, Forbes, Glassdoor, Healthline, Levi’s, MSN.com, Rotten Tomatoes, and The New York Times as per the report.

Oracle has acknowledged the breach and i taking measures to void recurrence of such an issue.

“Oracle is aware of the report made by Roi Carthy of Hudson Rock related to certain BlueKai records potentially exposed on the Internet,” said an Oracle spokesperson as quoted by the report.

“While the initial information provided by the researcher did not contain enough information to identify an affected system, Oracle’s investigation has subsequently determined that two companies did not properly configure their services. Oracle has taken additional measures to avoid a reoccurrence of this issue,” the spokesperson further added.

Published on June 20, 2020
  1. Comments will be moderated by The Hindu Business Line editorial team.
  2. Comments that are abusive, personal, incendiary or irrelevant cannot be published.
  3. Please write complete sentences. Do not type comments in all capital letters, or in all lower case letters, or using abbreviated text. (example: u cannot substitute for you, d is not 'the', n is not 'and').
  4. We may remove hyperlinks within comments.
  5. Please use a genuine email ID and provide your name, to avoid rejection.