Multiple databases belonging to the Facebook ad agency xSocialMedia have been found open exposing almost 150,000 records containing a wide variety of medical information derived from marketing campaigns run for medical malpractice lawsuits.
The files were found by vpnMentor on 2 June, which have since been secured. The exposed information was gathered through Facebook ads placed by xSocialMedia looking for people suffering from specific ailments that led to a variety of "injury-check.com" domains such as https://ied-fund.injury-check.com and https://ivcfilter-risk.injury-check.com, vpnMentor said.
The ads were designed to gather medical histories which would then be passed along to a personal injury law firm. The data collected and then compromised included first and last name, email address, street address, phone number, IP address, circumstances of the injury and an explanation about the injury.
"The injuries described in the database vary from those caused by medical devices to combat injuries suffered by American veterans, pesticide use, medication side-effects, and defective baby products," vpnMentor said.
In addition to the medical information the exposed data bases also contained information from about 300 of xSocialMedia’s clients including their names, addresses, phone numbers and email along with some odd tidbits such as the metrics on how their Facebook ads performed.
This article was originally published on SC Media US.