
Over 650,000 “audience segments” found on Microsoft’s ad platform Xandr


A database containing over 650,000 rows of “audience segments” has been discovered on Xandr, an ad platform run by Microsoft. The database was linked to a public page on the website and was discovered by researchers from Cracked Labs, who shared it with The Markup, which analysed the files and reported its findings.

The database, which was taken down shortly after The Markup contacted Microsoft for comment, includes the name of an audience segment, the name of the supplier of the data behind that segment, a supplier ID number, and a segment ID number. The 68.6 MB database has since been uploaded to GitHub in CSV format for anyone interested.

Advertisers can pay Xandr for the ability to target consumers via these segments, some of which are quite invasive. Many of these segments also follow a hierarchical taxonomy, for example, “Lifestyle > Visitation > Recent Retail Visit by Shopper > Lululemon”.

Many of these audience segments fall into broad data categories with a surprising amount of specialisation. For example, the automobile segment can narrow down customers on the basis of the make and model of their previous car purchases, and the grocery segment can tell customers apart by intent and by whether or not they’re heavy buyers of a particular item.

The more worrying data segments here are medical and health-related, in addition to race or ethnicity, political, location and geofencing, financial, military and even psychological profiles. This means that advertisers had access to consumers’ medical conditions (including reproductive health), political opinions, financial status (which isn’t always accurate), office locations, places of worship, lifestyles and even mental health conditions.

We don’t know for sure what the file’s purpose was, but it seems like it was intended to demonstrate the variety of data sources Xandr sells. The file metadata says it was created in May 2021, so there’s a chance that these ad segments may not be in use today. Regardless, they show just how deep advertisers can go when it comes to segmenting their audience, and that Xandr didn’t do much to exclude even the most sensitive data from advertisers’ reach.

There are a total of 93 data providers mentioned in the file, with Cisco being one of the largest among them, as it supplied data to more than one-third of the segments. Location data broker Foursquare and consumer data company Acxiom, along with dozens of other lesser-known ad tech companies, supply the remaining data.


Yadullah Abidi


Yadullah is a Computer Science graduate who writes/edits/shoots/codes all things cybersecurity, gaming, and tech hardware. When he's not, he streams himself racing virtual cars. He's been writing and reporting on tech and cybersecurity with websites like Candid.Technology and MakeUseOf since 2018.