A huge database containing close to 235 million records of data scraped from users on Instagram, TikTok and YouTube was exposed without a password or any form of authentication required to access it.
According to a report by cybersecurity researcher Bob Diachenko from British research firm Comparitech, the database was from a Hong Kong company called Social Data, which helps businesses "find influencers and get in-depth insights into demographic and psychographic data of influencers and their audience throughout different types of social media on the web."
Diachenko explained that three copies of the data were hosted at three separate IPv6 addresses and contained:
- Profile names
- Full real names
- Profile photo
- Account description
- Whether the profile belongs to a business or has advertisements
- Statistics about follower engagement that includes:
  - Number of followers
  - Engagement rate
  - Follower growth rate
  - Audience gender
  - Audience location
  - Likes
- Age
- Gender
Diachenko went on to add that about one in five records contained either a phone number or email address, based on the samples they collected.
"The information stored in this database is vulnerable to spam marketing and phishing campaigns," the Comparitech site read. "Users of Instagram and TikTok should be on the lookout for scams and phishing messages either sent directly or posted in comments. Even though the information is publicly available, the size and scope of an aggregated database makes it more vulnerable to mass attack than it would be in isolation."
"The images and other profile data could be used by scammers to create fake imitation accounts. These accounts lure in followers, and then promote scams or misinformation. The images could also be used without the owners' permission for face recognition purposes," Comparitech added.
Web scraping is a technique for gathering data from web pages in an automated manner. Many analytics companies build large databases of user information from popular sites for marketing purposes, insights and so on, while some sell them to other companies.
Though web scraping is not illegal, popular sites such as TikTok, YouTube and Instagram prohibit the practice.
Social Data has acknowledged the breach and closed access to the database.