Due to the dubious storage methods, a social media analytics company has exposed nearly hundreds of million user profiles from Instagram, TikTok, and YouTube.
Apparently, Social Data, a company known for legally selling influential social media users’ data to marketing companies, did not even incorporate password protection nor set-up any authentication process to access the database. Some hackers got their hands on this data and dumped it in dark websites.
The data dump contained personal information of the people and user-engagement metrics including username, officially registered name, account description, whether the profile belongs to a business or has advertisements, statistics about follower engagement, including: number of followers, engagement rate, follower growth rate, audience gender, audience age, audience location, likes, last post timestamp, age, gender, and some samples included email and phone numbers as well.
Bob Diachenko’s Comparitech cybersecurity team identified the millions of user-profiles related to Instagram (192,392,954), TikTok (42,129,799 ), and YouTube (3,955,892) totaling close to 235 million in some undisclosed websites hosted at three separate IPv6 addresses. However, there is a twist here. The exposed data had links to the origin (accounts-deepsocial-90 and accounts-deep social-91) and it belonged to the Deep Social. The latter’s API (Application Programming Interface) was banned and sued by Facebook and Instagram in 2018 for fraudulently scraping user profiles.
For the uninitiated, web scraping is an automated process of pulling information from websites and social media sites. Unless the users or the host company has given permission, it is considered legal, or else it will be deemed as a serious crime for violating user privacy protocols.
Usually, as mentioned above these data is used to establish a connection between social media celebrity and big brands. We have seen how Instagram influencers are given huge sums of money for marketing a particular product on their channel. However, if the personal information gets in the hands of hackers, it can be used to make harmless prank calls to inbox spamming and even serious phishing scams to siphon off bank accounts.
To prevent such an eventuality, Diachenko reached out to the Deep Social to plug their security loophole and the latter forwarded the information to the Social Data.
The Chief Technology Officer of Social Data acknowledged the issue and closed the access door to the database. The company has apparently declined to reveal how the data origin linking Deep Social, stored in Socal Data’s cloud server.
This apparently raises concerns if both the companies have complicit understanding with each other for monetary benefits.
It remains to be seen if Instagram parent company Facebook, TikTok and Google YouTube take any stern action on Social Data for this episode and scale up the security to protect their users’ privacy and personal data.