LocalBox describes itself as a combination of personal and business data search service, but most of their revenue comes from the creation of psychometric profiles created by mining data from a wide range of publicly available sources (social media, public records, and the like). On the company's website, they describe themselves as being "the First Global Customer Intelligence Platform to search, combine and validate deep business and people profiles - at scale."
According to the UpGuard Cyber Risk Team, they got confirmation from Ashfaq Rahman (LocalBox's co-founder) that the data file was placed on a mis-configured cloud-based storage system. The misconfiguration left the file vulnerable. The file included names, dates of birth and physical addresses culled from sources including Twitter, LinkedIn, Facebook, Zillow (a popular real estate site), and more.
UpGuard researchers had this to say about the incident:
"In the wake of the Facebook/Cambridge Analytica debacle, the importance of massive sets of psychographic data is becoming more and more apparent. This combination of information begins to build a three-dimensional picture of every individual affected--who they are, what they talk about, what they like, even what they do for a living--in essence, a blueprint from which to create targeted persuasive content, like advertising or political campaigning. If the legitimate uses of the data aren't enough to give pause, the illegitimate uses range from traditional identity theft, to fraud, to ammunition for social engineering scams such as phishing.
The data gathered on these people connected their identity and online behaviors and activity, all in the context of targeted marketing, (i.e., how best to persuade them). Your psychographic data can be used to influence you. It is what makes exposures of this nature so dangerous, and also what drives not only the business model of LocalBox, but of the entire analytics industry."
Terrifying indeed.