A security researcher has uncovered an insecure database that contains billions of tracking records of user activity online.

What makes this discovery particularly interesting is the fact that the database belongs to BlueKai that Oracle bought for around $ 400 million in 2014.

BlueKai is a startup that uses website cookies and other tracking technology to follow users on the web. Based on the websites users visit and the emails they open, the company and the like can infer a large amount of information about them, and marketers use this data to deliver targeted ads where they are more likely to is clicked.

Security researcher Anurag Sen discovered the unsecured database and reported his findings to Oracle with the help of Hudson Rock CEO and former TechCrunch reporter Roi Carthy, who served as an intermediary.

Tracking records

After reviewing Sen’s shared data, TechCrunch found names, addresses, email addresses, and other identifiable data in the database. The data even revealed the sensitive web browsing activity of shopping users who had made newsletters from those who unsubscribed.

To deliver more accurate ads, BlueKai uses an endless supply of data from a variety of sources. The company even uses covert tactics, such as allowing websites to incorporate invisible pixel-size images or tracking pixels to collect information about a user’s system, including hardware, operating system, browser, and connection type. they have when they open a web page. This data can be used to create a unique fingerprint of a person’s device that follows them over the Internet, regardless of the device they are using.

According to an estimate from the Who tracks.me site, BlueKai tracks just over one percent of all online web traffic. The company tracks web traffic on several of the most popular online sites, including Amazon, ESPN, Forbes, Glassdoor, Rotten Tomatoes, and others. However, marketing companies that pay for access to BlueKai data never see names, addresses, or any other personal data, which is why the discovery of their exposed database is so revealing.

In a statement to TechCrunch, Oracle spokeswoman Deborah Hellinger explained that two companies had not properly configured their services and this led to the database being exposed online, saying:

“Oracle is aware of the report by Roi Carthy of Hudson Rock related to certain BlueKai records potentially exposed on the Internet. Although the initial information provided by the investigator did not contain enough information to identify an affected system, Oracle’s investigation later determined that two companies did not properly configure their services. Oracle has taken additional steps to prevent the recurrence of this problem. “

We have also highlighted the best VPN services.