In what could be a massive data leak, an unsecured database of nearly 235 million Instagram, TikTok, and YouTube users was left wide open for anyone to access on the Internet, according to a security researcher Bob Diachenko. Although this may not qualify as a data breach per se, an incident like this can be perceived as equally serious and dangerous as someone breaking into your online accounts with malicious intentions.
Massive data leak causes furor
Comparitech investigation reveals how an influencer marketing company called Social Data exposed millions of social media profiles online:
“Social Data, a company that sells data on social media influencers to marketers, has exposed a database of nearly 235 million social media profiles on the web without a password or any other authentication required to access it,” reads their official blog post. “The data included a wealth of information including names, contact info, personal info, images, and statistics about followers.”
The data originated from publicly viewable social media pages on Instagram, TikTok, and YouTube. The researcher initially came across three identical copies of the exposed data earlier this month. Well, that’s essentially how the leak was uncovered at the beginning.
The leak consists of the following data:
- 96,714,241 records scraped from Instagram
- 95,678,713 records scraped from Instagram
- 42,129,799 records scraped from TikTok
- 3,955,892 records scraped from Youtube
The data leak may be sourced from a company called Deep Social, which is no longer operational. As soon as the leak was reported, Social Data acknowledged the leak and took the servers hosting the data down.
Each entry consists of the following data on users:
- Profile name
- Full real name
- Profile photo
- Account description
- Whether the profile belongs to a business or has advertisements
- Statistics about follower engagement, including:
- Number of followers
- Engagement rate
- Follower growth rate
- Audience gender
- Audience age
- Audience location
- Likes
- Last post timestamp
- Age
- Gender
Apparently, Social Data has denied any ties with Deep Social.
In response to this data leak, Facebook said scraping people’s information from Instagram is a clear violation of its policies.
“We revoked Deep Social’s access to our platform in June 2018 and sent a legal notice prohibiting any further data collection,” said Facebook spokesperson Stephanie Otway.
Data scraping is an illegal practice that goes against Instagram, TikTok, and YouTube’s terms of use. And goes without saying, the leaked database in the hands of threat actors can also yield pretty devastating results.
