#LeakAlert: Data of 235 million TikTok, Instagram, YouTube users exposed
As many as 235 million users of leading video services TikTok, Instagram, and YouTube have been hit by a data leak. Their information has been exposed through a database that was left completely unprotected on the web, waiting to be accessed by anyone who knew where to look. Here is all you need to know about it.
Social Data exposed 3 identical datasets
On August 1, the team at security firm Comparitech caught Social Data, a Hong Kong-based social media analytics company, exposing three identical databases containing information on 235 million users of TikTok, Instagram, and YouTube. The datasets, the researchers noted, had the public profile data of these users, including their full names, contact information, age, gender, images, and stats about followers.
Information possibly taken through web scraping
The information in the database suggested that its source was Deep Social, an analytics platform that shut down in 2018 after being banned by Facebook and Instagram for mining data from users' profiles. Now, this indicates that the data in question here was collected through Deep Social's modus operandi of web scraping, a technique of gathering data from web pages in an automated manner.
Soon, the open database was taken offline
When Comparitech reached out to Deep Social, they forwarded the request to Social Data, which acknowledged the error and took the exposed database offline. Social Data's spokesperson clarified, "Please, note that the negative connotation that the data has been hacked implies that the information was obtained surreptitiously. This is simply not true, all of the data is available freely to ANYONE with Internet access."
Massive databases could lead to phishing attacks
Even though web scraping is legal, social media firms, including the ones in question here, prohibit the practice through their terms. This reason being: Gathering data on a large scale could lead to massive phishing attacks and cases of financial/identity theft. In this case, around one in five entries either had a phone number or email, which could be used for targeted attacks.
Previous access remains unknown
Notably, Social Data has not revealed whether anyone else accessed this information before Comparitech got to it. If that has happened, the risk of phishing may still loom. To check if your passwords/emails have been leaked, visit haveibeenpwned.com.
