socialise
like us on facebook
tweet
follow us on twitter
business
find us on linkedin

call us

020 8939 8481

Data Firm Exposes 235 Million Social Media Profiles

25/08/2020 in Security

Download Form1

This field is for validation purposes and should be left unchanged.

[optin-monster-shortcode id="8328"]

A social media data broker has exposed the public-facing profiles of 235 million users via a misconfigured online database, according to researchers.

Comparitech teamed up with Bob Diachenko to uncover three identical copies of the data on August 1, left online with no password or other authentication required to access it.

In total, 192 million profiles were scraped from Instagram, 42 million from TikTok and four million from YouTube.

Each record contained some of the following: profile name, real name, profile pic, account description, age, gender and more.

Around a fifth of profiles also contained either a phone number or email address, according to Comparitech.

Although the personal information contained in this trove was all publicly available, social media companies like Facebook have threatened legal action in the past against automated data scraping firms that subsequently sell their collections to marketers.

Comparitech said that although access to the exposed database was shut down three hours after its first disclosure, it’s unclear how long the information was left online without a password.

The firm warned that, if discovered, the trove could have been used by spammers or to make follow-on phishing attacks more convincing.

The data itself was traced back to Social Data, a firm that apparently sells data on social media influencers to marketers. It was at pains to point out that the exposed information was taken from publicly available profiles, even though their consolidation into a single database makes it a more attractive prospect for cyber-criminals.

Comparitech also claimed that “evidence” suggests a connection between the data and a now-defunct company known as Deep Social which was removed from Facebook and Instagram marketing APIs in 2018 and threatened with legal action.

Social Data reportedly denied any connection between the two companies, although some of the original datasets were labelled as follows: “accounts-deepsocial-90” and “accounts-deepsocial-91.”

 

What Now?

We’re Evolve, and we’re here to guide your business’ digital transformation.  With a wealth of experience deploying solutions and managing IT for various firms we are uniquely placed to help your business overcome the challenges posed by the current crisis and look optimistically to the future. 

You can contact me on LinkedIn @davidatevolve, by telephone 020 8939 8481 or on our Contact Us page

News Source: https://www.infosecurity-magazine.com/