Cybersecurity researchers over at Comparitech have discovered a database breach that has exposed the profile data of almost 235 million user accounts on TikTok, Instagram, and YouTube. The compromised information includes names, contact info such as emails and phone numbers, images, and follower statistics of affected accounts.
According to the report, the information was obtained from the servers of Social Data—a company that makes its living selling social media influencer data to marketing companies. It’s important to understand Social Data does not hack/steal this data—instead, the information is procured using a process called “web-scraping”.
Web-scraping is an automated process that’s used to retrieve information from websites—Facebook, Instagram, or TikTok, in this case. The information that can be obtained by web-scraping is public in nature, although the legality of the technique falls within a grey area of sorts.
For one thing, data scraping is against the Facebook, Instagram, TikTok, and YouTube Terms of Use. Deep Social—a now-defunct company—was the source of most of the data, although Social Data states that it is not affiliated with the company. For some context, Deep Social was earlier banned from Facebook and Instagram’s marketing APIs due to web-scraping practices. A Facebook spokesperson, when speaking with Comparitech, explained:
“Scraping people’s information from Instagram is a clear violation of our policies. We revoked Deep Social’s access to our platform in June 2018 and sent a legal notice prohibiting any further data collection.”
However, Comparitech explains that such data-scraping bots can be difficult to detect by social media companies. As such, data has been collected—and now breached—from almost 235 million accounts across the three platforms. While Social Data’s servers have been taking down since, what’s worrying is that free access to the database was available on the web—no password, no authentication, nothing.
Affected information includes:
While the information may have been publicly available, web-scraping is a process that divides opinions due to valid privacy and security concerns. Profile information can be used in spam campaigns—and, crucially, phishing methods that can be used to obtain information that is even more dangerous. Images may also be used for identity theft, or to spoof facial recognition safeguards.
For now, web-scraping continues to be a controversial topic—in a similar way that 3rd party cookies are, actually. It has its uses—take navigation apps as an example—but it can also compromise the privacy and security of social media accounts. To keep (most of) your data private, you can set your accounts to be “private” on various social media platforms, which means that only approved “followers” have access to personal information on your profile.
For the full report, click here.
Gentari has released a statement to address the recent discounted Gentari Go EV charging service…
Want to convert almost any TV with an HDMI port into a Google TV? Xiaomi…
Sony has introduced the Sony WF-1000XM6 in Malaysia, its latest flagship truly wireless earbuds under…
More than a year after it was first previewed at the KL International Mobility Show…
Google has officially announced its latest smartphone, the Pixel 10a. The new model joined other…
Ahead of the Chinese New Year holiday, Gentari has upgraded its existing EV charging station…
This website uses cookies.