Facebook's xSocialMedia ad agency exposes 150K medical histories

News by Doug Olenick

The exposed information was gathered through Facebook ads placed by xSocialMedia looking for people suffering from specific ailments that led to a variety of "injury-check.com" domains

Multiple databases belonging to the Facebook ad agency xSocialMedia have been found open exposing almost 150,000 records containing a wide variety of medical information derived from marketing campaigns run for medical malpractice lawsuits.

The files were found by vpnMentor on 2 June, which have since been secured. The exposed information was gathered through Facebook ads placed by xSocialMedia looking for people suffering from specific ailments that led to a variety of "injury-check.com" domains such as https://ied-fund.injury-check.com and https://ivcfilter-risk.injury-check.com, vpnMentor said.

The ads were designed to gather medical histories which would then be passed along to a personal injury law firm. The data collected and then compromised included first and last name, email address, street address, phone number, IP address, circumstances of the injury and an explanation about the injury.

"The injuries described in the database vary from those caused by medical devices to combat injuries suffered by American veterans, pesticide use, medication side-effects, and defective baby products," vpnMentor said.

In addition to the medical information the exposed data bases also contained information from about 300 of xSocialMedia’s clients including their names, addresses, phone numbers and email along with some odd tidbits such as the metrics on how their Facebook ads performed.

This article was originally published on SC Media US.

Find this article useful?

Get more great articles like this in your inbox every lunchtime

Video and interviews

Interview - Everyone has an Achilles heel: The new security paradigm

How can we defend networks now that the perimeter has all but disappeared?
Brought to you in partnership with ExtraHop