A data leak compromised 235 million TikTok, Instagram and YouTube accounts

A database of approximately 235 million accounts on TikTok, Instagram, and YouTube was published. So data such as name, photos, contact information, age, and gender were publicly available. Phone numbers and email addresses were affected in about 20% of accounts.

According to reports from The Next Web and Comparitech, Social Data has revealed a database of approximately 235 million social media users. The company makes money by collecting data about these accounts and then selling them for advertising purposes. This data may be depending on the account, include…

Full name
Contact information
Images
Subscriber statistics, and other personal information.

The data could be accessed online until August 1. Social Data removed the database from the server about three hours after Comparitech’s notification. The data is believed to have originally come from Deep Social. The company that used Facebook’s API to collect profile information, at least until Facebook stopped doing so in 2018.

Social data indicates that only data that is publicly viewable was collected, but this violates the terms of use of Facebook, Instagram, TikTok, and YouTube. Since these bots are sometimes difficult to distinguish from ordinary visitors. Such actions are difficult to prevent in time.

Social data stressed in an email to Comparitech that this data breach is by no means a hack. The information is publicly available to everyone, even without a database. In principle, this may be true. But such databases make it much more difficult for users to protect their privacy due to the subsequent change of the corresponding settings on Facebook & co. does not affect the data already collected.

Social media data broker exposes nearly 235 million profiles scraped from Instagram, TikTok, and Youtube

Social Data, a company that sells social media influencer data to marketers. It has opened a database of nearly 235 million social media profiles online without a password or any other authentication required to access it, according to a new report from Comparitech researchers.

The profiles were taken from public social media pages on Youtube, TikTok, and Instagram. On August 1, security researcher Bob Dyachenko. Who leads Comparitech’s cybersecurity research group, discovered three identical copies of the disclosed data.

The evidence suggests that most of the data originally came from a now-defunct company: Deep Social. The Instagram dataset names (accounts-deep social-90 and accounts-deep social-91) hint at the origin of the data. Based on this, Dyachenko first contacted Deep Social using the email address listed on his website to report the exposure. Deep Social admins forwarded the disclosure to Social Data. The Social Data CTO acknowledged the exposure. And after about three hours, the servers hosting the data were shut down.

Facebook and Instagram banned Deep Social from using their marketing APIs in 2018 and threatened legal action if it continued to extract data from their users’ profiles. Deep Social then announced it would be phasing out operations and has since shut down its original service.