Cybersecurity researchers over at Comparitech have discovered a database breach that has exposed the profile data of almost 235 million user accounts on TikTok, Instagram, and YouTube. The compromised information includes names, contact info such as emails and phone numbers, images, and follower statistics of affected accounts.
According to the report, the information was obtained from the servers of Social Data—a company that makes its living selling social media influencer data to marketing companies. It’s important to understand Social Data does not hack/steal this data—instead, the information is procured using a process called “web-scraping”.
Web-scraping is an automated process that’s used to retrieve information from websites—Facebook, Instagram, or TikTok, in this case. The information that can be obtained by web-scraping is public in nature, although the legality of the technique falls within a grey area of sorts.
For one thing, data scraping is against the Facebook, Instagram, TikTok, and YouTube Terms of Use. Deep Social—a now-defunct company—was the source of most of the data, although Social Data states that it is not affiliated with the company. For some context, Deep Social was earlier banned from Facebook and Instagram’s marketing APIs due to web-scraping practices. A Facebook spokesperson, when speaking with Comparitech, explained:
“Scraping people’s information from Instagram is a clear violation of our policies. We revoked Deep Social’s access to our platform in June 2018 and sent a legal notice prohibiting any further data collection.”
However, Comparitech explains that such data-scraping bots can be difficult to detect by social media companies. As such, data has been collected—and now breached—from almost 235 million accounts across the three platforms. While Social Data’s servers have been taking down since, what’s worrying is that free access to the database was available on the web—no password, no authentication, nothing.
Affected information includes:
While the information may have been publicly available, web-scraping is a process that divides opinions due to valid privacy and security concerns. Profile information can be used in spam campaigns—and, crucially, phishing methods that can be used to obtain information that is even more dangerous. Images may also be used for identity theft, or to spoof facial recognition safeguards.
For now, web-scraping continues to be a controversial topic—in a similar way that 3rd party cookies are, actually. It has its uses—take navigation apps as an example—but it can also compromise the privacy and security of social media accounts. To keep (most of) your data private, you can set your accounts to be “private” on various social media platforms, which means that only approved “followers” have access to personal information on your profile.
For the full report, click here.
The Poco X8 Pro and X8 Pro Max have officially launched and they are now…
Renowned tyre retailer and automotive service provider, Lim Tayar, has recently hosted the 3rd Berbuka…
U Mobile has announced that Mawar Setia Sdn. Bhd. now holds more than 50% shareholding…
MCash has announced its direct participation in Payments Network Malaysia (PayNet), enabling DuitNow QR payments…
Owners of Proton e.MAS 7 BEV and PHEV as well as e.MAS 5 will be…
Sony PlayStation has recently released the DualSense PC Ready Edition in Malaysia. While it might…
This website uses cookies.