Cybersecurity researchers over at Comparitech have discovered a database breach that has exposed the profile data of almost 235 million user accounts on TikTok, Instagram, and YouTube. The compromised information includes names, contact info such as emails and phone numbers, images, and follower statistics of affected accounts.
According to the report, the information was obtained from the servers of Social Data—a company that makes its living selling social media influencer data to marketing companies. It’s important to understand Social Data does not hack/steal this data—instead, the information is procured using a process called “web-scraping”.
Web-scraping is an automated process that’s used to retrieve information from websites—Facebook, Instagram, or TikTok, in this case. The information that can be obtained by web-scraping is public in nature, although the legality of the technique falls within a grey area of sorts.
For one thing, data scraping is against the Facebook, Instagram, TikTok, and YouTube Terms of Use. Deep Social—a now-defunct company—was the source of most of the data, although Social Data states that it is not affiliated with the company. For some context, Deep Social was earlier banned from Facebook and Instagram’s marketing APIs due to web-scraping practices. A Facebook spokesperson, when speaking with Comparitech, explained:
“Scraping people’s information from Instagram is a clear violation of our policies. We revoked Deep Social’s access to our platform in June 2018 and sent a legal notice prohibiting any further data collection.”
However, Comparitech explains that such data-scraping bots can be difficult to detect by social media companies. As such, data has been collected—and now breached—from almost 235 million accounts across the three platforms. While Social Data’s servers have been taking down since, what’s worrying is that free access to the database was available on the web—no password, no authentication, nothing.
Affected information includes:
While the information may have been publicly available, web-scraping is a process that divides opinions due to valid privacy and security concerns. Profile information can be used in spam campaigns—and, crucially, phishing methods that can be used to obtain information that is even more dangerous. Images may also be used for identity theft, or to spoof facial recognition safeguards.
For now, web-scraping continues to be a controversial topic—in a similar way that 3rd party cookies are, actually. It has its uses—take navigation apps as an example—but it can also compromise the privacy and security of social media accounts. To keep (most of) your data private, you can set your accounts to be “private” on various social media platforms, which means that only approved “followers” have access to personal information on your profile.
For the full report, click here.
After unveiling its latest smartphones, the Asus ROG Phone 9 series, to the world, Asus…
WhatsApp has introduced a new Voice Message Transcripts feature which allows users to easily convert…
This post is brought to you by Maybank. Unlock more than just transactions with MAE’s…
After making its debut in China late last month, the Oppo Find X8 series has…
Hyundai has officially unveiled the new Ioniq 9 which marked yet another expansion to its…
BMW Group remains bullish in its commitment to drive sustainable mobility across the Southeast Asian…
This website uses cookies.