One of those startups which Oracle bought for somewhat over $400 million in 2014, BlueKai, is scarcely known outside marketing circles; however, it amassed probably the biggest bank of web tracking data outside of the federal government.
By utilizing website cookies and other tracking tech to pursue the user around the web, by knowing which sites the user visits and which emails they open, BlueKai does it all.
BlueKai is supposedly known to depend intensely on vacuuming up a 'never-ending' supply of information from an assortment of sources to comprehend patterns to convey the most exact ads to an individual's interests.
The startup utilizes increasingly clandestine strategies like permitting websites to insert undetectable pixel-sized pictures to gather data about the user when they open the page — hardware, operating system, browser, and any data about the network connection.
Hence it wouldn't be wrong to say that the more BlueKai gathers, the more it can infer about the user, making it simpler to target them with ads that may lure them to that 'magic money-making click'.
Marketers regularly utilize this immense amount of tracking data to gather as much about the user as could reasonably be expected — their income, education, political views, and interests to name a few — so as to target them with ads that should coordinate their apparent tastes.
But since a server was left unsecured for a time, that web tracking data was spilling out onto the open internet without a password and at last ended up uncovering billions of records for anybody to discover.
Luckily security researcher Anurag Sen found the database and detailed his finding to Oracle through an intermediary — Roi Carthy, chief executive at cybersecurity firm Hudson Rock and former TechCrunch reporter.
Oracle spokesperson Deborah Hellinger says, “Oracle is aware of the report made by Roi Carthy of Hudson Rock related to certain BlueKai records potentially exposed on the Internet. While the initial information provided by the researcher did not contain enough information to identify an affected system, Oracle’s investigation has subsequently determined that two companies did not properly configure their services. Oracle has taken additional measures to avoid a reoccurrence of this issue.”
Subsequent to reviewing into the information shared by Sen, names, home addresses, email addresses, and other identifiable data was discovered in the database.
The information likewise uncovered sensitive users' web browsing activity — from purchases to newsletter unsubscribes.
While Oracle didn't name the companies or state what those additional measures were and declined to respond to the inquiries or comment further. In any case, it is clearly evident that the sheer size of the exposed database makes this one of the biggest security 'lapses' by this year.