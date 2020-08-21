
Data breach exposes profiles of 235 million Instagram, TikTok, YouTube users

Researchers also warned that the exposed data could be used by scammers to create fake imitation accounts and lure in followers and then promote scams or misinformation. 

Devdiscourse News Desk | London | Updated: 21-08-2020 14:10 IST | Created: 21-08-2020 13:52 IST

A recent data breach exposed the social media profiles of nearly 235 million users, according to a new report from Comparitech researchers. The data was collected using web scraping, an automated process that involves collecting a large volume of data from various websites. The database included millions of records scraped from Instagram, TikTok, and YouTube.

On August 1, Comparitech's lead security researcher Bob Diachenko found that three identical copies of the data were hosted at three separate IPv6 addresses, and each one stored data on about 235 million social media profiles which were taken from publicly viewable social media pages. Each record contained some or all of the following data:

  • Profile name
  • Full real name
  • Profile photo
  • Account description
  • Whether the profile belongs to a business or has advertisements
  • Statistics about follower engagement, including:
    1. Number of followers
    2. Engagement rate
    3. Follower growth rate
    4. Audience gender
    5. Audience age
    6. Audience location
    7. Likes
  • Last post timestamp
  • Age
  • Gender

Diachenko sent a disclosure to Deep Social, the (now-defunct) company that owns much of the data. The company forwarded it to Hong Kong-based Social Data, which then acknowledged the data exposure and took down the servers hosting the data. However, the company denied having any connection with Deep Social.

We do not know how long the data was exposed for prior to our discovery of it on August 1. We also do not know whether any unauthorized parties accessed it during the exposure. Our honeypot experiments show that hackers can find and attack unsecured databases within hours of being exposed.

Comparitech

Researchers also warned that the exposed data could be used by scammers to create fake imitation accounts and lure in followers and then promote scams or misinformation.

According to Comparitech researchers, it is difficult to distinguish the automated scraping bots from normal website users, so social media companies have a difficult time preventing them from accessing user profiles until it's too late.


