Oracle’s BlueKai – From Tracking Users to Exposing Them to Everyone

Ads have become a normal thing in our life. We have always wondered how a website or social media platform can bombard us with ads for things we were just talking about. It’s definitely not a conspiracy theory. In fact, Ad tech has become very accurate. Facebook alone has 92% of social marketers working on its platform.

Now, another tech giant Oracle has perfected online tracking, spending years and billions in the process. In 2014, the company bought BlueKai – a cloud-based data platform that allows companies to help personalize offline, online, and mobile marketing campaigns with information about targeted audiences.

However, tracking data is one thing, and exposing it to the public is another. Apparently, BlueKai left one server unintended (unsecured and without a password), which compromised and spilled billions of records for anyone with the proper tech-knowledge to find. What is this incident all about? Find out below.

What is BlueKai and How Does it Work?

BlueKai has been around since 2014 and it use tracking tech such as cookies to harvest a user’s browsing activities.

It collects everything they do online, including the websites they visit and the emails they’re opening. By tracking such footsteps, BlueKai can collect a vast amount of data about the target. We’re referring to the likes of political views, income, education, and all sorts of identifiable information on the web.

Finally, BlueKai does what it was created to do – targets the user with ads that match his/her interests. With a single click, the advertiser working with BlueKai gets its revenue.

BlueKai collects all sorts of data in hopes to keep up with the ever-growing trends in order to deliver precise ads to a certain audience. The advertiser working with Oracle can tap into a huge data bank, aiding it in injecting the necessary ads.

It doesn’t stop here. BlueKai also uses other ways to collect user data. In fact, it also allows websites to embed invisible pixel-sized images on their pages. Once a user clicks what he/she doesn’t see, it collects several types of data, including browser, hardware, and operating system.

While it may seem harmless, it’s actually not. If the data gets fused together, it can create a unique fingerprint of the target’s device, making him/her completely trackable while browsing the web.

Finally, BlueKai ties what users browse on their mobile with the activities they do on their desktop. In other words, the company can track what users do regardless of the device they’re using.

The Leaking Server

According to Techcrunch, Oracle left one of its servers unsecured and without a password, resulting in the leak of 1% of the web traffic.

Now, 1% doesn’t seem much. But based on the amount of data BlueKai has harvested throughout the years, 1% converts to billions of online records.

As TechCrunch stated, the data leaked includes home addresses, email addresses, and a lot more identifiable information. Not to mention sensitive web browsing activities and purchases.

TechCrunch also gave us examples of the people exposed. On April 17th, a German man was betting on an esports betting site. He used his prepaid debit card to place a €10 bet.

The problem isn’t with how much he was betting, but the other information that saw the light. The user’s email address, home address, and phone number were also exposed.

Another example took us to Turkey, where a person in Istanbul ordered furniture online from a hardware store and paid $899 for it. The information exposed here is more serious as the person’s name was included, along with other sensitive data such as the home address.

That was a huge leak and Oracle had something to say about it. According to Oracle spokesperson Deborah Hellinger:

“Oracle is aware of the report made by Roi Carthy of Hudson Rock related to certain BlueKai records potentially exposed on the Internet. While the initial information provided by the researcher did not contain enough information to identify an affected system, Oracle’s investigation has subsequently determined that two companies did not properly configure their services. Oracle has taken additional measures to avoid a recurrence of this issue.”

We still don’t know what happened to the data or if someone got his/her hands on it. This is a huge leak and Oracle should reclaim control of the situation as it’s really dangerous.

Final Words

As we mentioned, the size of this breach (mistake) is huge. If the data falls into the wrong hands, who knows what they’ll be able to do with it. Based on the number of records exposed, BlueKai’s data leak is one of the biggest in 2020 so far. Online security is very important and a user has to keep a keen eye on the data he/she submits on the internet.

Reading security-related articles on various websites such as The VPN Guru and more helps. It aids users in increasing their security awareness so that they can protect themselves while surfing the web.