Menu Close

About 235m accounts on Instagram, TikTok, YouTube exposed in data breach

Instagram, YouTube and TikTok Photo: TheHansIndia

*Users’ names, ages, account details, other details left in an unprotected server

*Social Data admits it ‘scrapes’ data of influencers having a presence on the Internet with ‘excess of a certain amount of followers’ ─Report

Isola Moses | ConsumerConnect

If you’re a YouTube, TikTok, or Instagram user, hold on to your personal data because a massive leak of social media profiles has shown up at the doorstep of these platforms.

ConsumerConnect gathered that in connection with an incident brought to light by researchers at Comparitech, Hong Kong-based Social Data exposed a database of close to 235 million social media profiles by not setting a password restriction, or any other authentication required to access it.

The exposed data includes these items from personal profiles: Profile and real full name, age, and gender, profile photo, and whether the profile belongs to a business or has advertisements.

Other data breach details are statistics about follower engagement, including the number of followers, engagement rate, follower growth rate, audience gender/age/location, likes, and last post timestamp.

Based on samples Comparitech collected, it says that about 20 percent of the records also contained either a phone number or e-mail address, report stated.

In scraping all it can find, it was learnt that Social Data’s model is anything but consumer-friendly, but at least it’s honest about what it does.

In its Terms of Service, it admits that it “scrapes” the data of influencers who “have a presence on the Internet having in excess of a certain amount of followers (decided by the marketer) on various social media platforms.”

In other words, let’s say you have 1,523 followers on Instagram and a marketer is looking for people who have at least 1,000, you would be a prime candidate to be scraped.

Web scraping is an old-hat way of automating the copying of data from Web pages in bulk.

The cost of doing it is relatively inexpensive, and that appeals to marketing firms that can’t afford more aboveboard methods.

Social Data swears that it only scrapes what is publicly accessible, but the practice violates Facebook, Instagram, TikTok, and Youtube terms of use, report stated.

Deep Social was banned from Facebook and Instagram in 2018, but apparently it found a way to worm its way back in.

Comparitech says that the wormhole likely came about because automated scraping bots can be difficult to distinguish from normal Web site visitors.

Because of that, social media platforms have a hard time preventing them from accessing user profiles until it’s too late.

However, in defending Social Data in some way, a Social Data spokesperson in an e-mail told Comparitech security researcher Bob Diachenko, that the data was not “hacked” because it was collected in a legal way.

The spokesperson said: “Please, note that the negative connotation that the data has been hacked implies that the information was obtained surreptitiously.

“This is simply not true; all of the data is available freely to ANYONE with Internet access.

“I would appreciate it if you could ensure that this is made clear.”

According to the Social Data spokesperson in his e-mail to researcher Diachenko, “anyone could phish or contact any person that indicates telephone and e-mail on his social network profile description in the same way even without the existence of the database.

“Social networks themselves expose the data to outsiders – that is their business – open public networks and profiles.

Those users who do not wish to provide information, make their accounts private (sic).”

Kindly Share This Story

Kindly share this story