BlueKai, which Oracle bought for a little over $400 million in 2014, is barely known outside marketing circles, but it amassed one of the largest banks of web tracking data outside of the federal government.
This web tracking data was spilling out onto the open internet because a server was left unsecured and without a password, exposing billions of records for anyone to find.
Names, home addresses, email addresses, and other identifiable data were in the database which was compromised.
The data also revealed sensitive users’ web browsing activity from purchases to newsletter unsubscribes.
Source: https://techcrunch.com/2020/06/19/oracle-bluekai-web-tracking/
TPRM report: https://scoringcyber.rankiteo.com/company/bluekai
"id": "blu19566123",
"linkid": "bluekai",
"type": "Data Leak",
"date": "06/2020",
"severity": "85",
"impact": "3",
"explanation": "Attack with significant impact with internal employee data leaks"{'affected_entities': [{'industry': 'Marketing',
'name': 'BlueKai',
'type': 'Company'}],
'attack_vector': 'Unsecured Server',
'data_breach': {'number_of_records_exposed': 'Billions',
'personally_identifiable_information': 'Yes',
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Names',
'Home addresses',
'Email addresses',
'Web browsing activity']},
'description': 'BlueKai, a company acquired by Oracle, left a server '
'unsecured, exposing billions of records containing sensitive '
'web tracking data, including names, home addresses, email '
'addresses, and web browsing activity.',
'impact': {'data_compromised': ['Names',
'Home addresses',
'Email addresses',
'Web browsing activity']},
'title': 'BlueKai Data Breach',
'type': 'Data Breach',
'vulnerability_exploited': 'Lack of password protection'}