Billions of online tracking records leaked online


A security researcher has discovered an unsecured database which contains billions of tracking records about users' activity online.

What makes this discovery particularly interesting is that the database belongs to BlueKai, which Oracle purchased for around $400m back in 2014.

BlueKai is a startup that uses website cookies and other tracking technology to follow users around the web. Just based on which websites users visit and which emails they open, the company and others like it can infer a great deal of information about them, and marketers use this data to deliver targeted ads that are more likely to be clicked on.

Security researcher Anurag Sen discovered the unsecured database and reported his findings to Oracle with the help of Hudson Rock's CEO and former TechCrunch reporter Roi Carthy, who served as an intermediary.

Tracking records

After reviewing the data shared by Sen, TechCrunch found names, home addresses, email addresses and other identifiable data in the database. The data even revealed users' sensitive web browsing activity, from purchases they had made to newsletters they unsubscribed from.

To deliver more precise ads, BlueKai uses a never-ending supply of data from a variety of sources. The company even uses covert tactics such as allowing websites to embed invisible pixel-sized images or tracking pixels to collect information about a user's system including the hardware, operating system, browser and type of connection they have when they open a webpage. This data can be used to create a unique fingerprint of a person's device which follows them across the internet regardless of which device they're using.

According to an estimate from the site Whotracks.me, BlueKai tracks just over one percent of all web traffic online. The company tracks web traffic on a number of the most popular sites online, including Amazon, ESPN, Forbes, Glassdoor, Rotten Tomatoes and others. The marketing firms that pay for access to BlueKai's data, though, never see names, addresses or any other personal data, which is why the discovery of its exposed database is so revealing.

In a statement to TechCrunch, Oracle spokesperson Deborah Hellinger explained that two companies had failed to properly configure their services and this led to the database being exposed online, saying:

“Oracle is aware of the report made by Roi Carthy of Hudson Rock related to certain BlueKai records potentially exposed on the Internet. While the initial information provided by the researcher did not contain enough information to identify an affected system, Oracle’s investigation has subsequently determined that two companies did not properly configure their services. Oracle has taken additional measures to avoid a reoccurrence of this issue.”


Via TechCrunch

Anthony Spadafora
