Data of 235 mn Instagram, YouTube, TikTok users exposed in massive breach
Profiles of around 235 million Instagram, TikTok and YouTube users have been exposed online in a massive data leak reported by the security research team Comparitech. The incident happened after Social Data, a company that sells data on social media influencers to marketers, exposed the data on the web without a password or any other authentication required to access it.
The data included a wealth of information including names, contact info, personal info, images, and statistics about followers. "The profiles were taken from publicly viewable social media pages on Youtube, TikTok, and Instagram. Security researcher Bob Diachenko, who leads Comparitech’s cybersecurity research team, uncovered three identical copies of the exposed data on August 1," said a report published on the Comparitech website.
"The data was spread across several datasets and the most significant being two coming in at just under 100 million each and containing profile records apparently scraped from Instagram," reported Forbes, quoting the security researchers.
Comparitech reported that, based on the samples it collected, one in five records contained either a telephone number or email address. Every record also included at least some, sometimes all, information including profile name, full real name,
profile photo, account description, apart from statistics about follower engagement such as number of followers, engagement rate, follower growth rate, audience gender, audience age, audience location, likes, last post timestamp, age and gender.
The information stored in this database is vulnerable to spam marketing and phishing campaigns. "The information would probably be most valuable to spammers and cybercriminals running phishing campaigns," Paul Bischoff, Comparitech editor, told Forbes. "Even though the data is publicly accessible, the fact that it was leaked in aggregate as a well-structured database makes it much more valuable than each profile would be in isolation," he added.
"Social Data has denied any connection between itself and Deep Social," according to the Comparitech report.