Chennai: Profiles of around 235 million Instagram, TikTok and YouTube users have been exposed online in a massive data leak reported by the security research team Comparitech.
Unsecured databases are fast becoming a major data protection problem. It was one such unsecured database that the Comparitech researchers, led by Bob Diachenko, discovered recently, leaving the personal profile data of nearly 235 million Instagram, TikTok and YouTube users up for grabs.
The data appears to have been collected by a practice known as web-scraping, where a company accesses the web interface of a service and then collates data automatically …
This is different from a hack, as that involves breaking into a system in order to access data that is not supposed to be publicly accessible. Web-scraping accesses only public data.
The data included a wealth of information: names, contact info, personal info, images, and statistics about followers. “The profiles were taken from publicly viewable social media pages on YouTube, TikTok, and Instagram. Security researcher Bob Diachenko, who leads Comparitech’s cybersecurity research team, uncovered three identical copies of the exposed data on 1 August,” said a report published on the Comparitech website.
“The data was spread across several datasets and the most significant being two coming in at just under 100 million each and containing profile records apparently scraped from Instagram,” reported Forbes, quoting the security researchers.
According to Comparitech, based on the samples it collected, one in five records contained either a telephone number or email address. Every record also included at least some, and sometimes all, of the following: profile name, full real name, profile photo and account description, along with statistics about follower engagement such as number of followers, engagement rate, follower growth rate, audience gender, audience age, audience location, likes, last post timestamp, age and gender.
The information stored in this database leaves the affected users exposed to spam marketing and phishing campaigns.
“The information would probably be most valuable to spammers and cybercriminals running phishing campaigns,” Paul Bischoff, Comparitech editor, told Forbes.
He added: “Even though the data is publicly accessible, the fact that it was leaked in aggregate as a well-structured database makes it much more valuable than each profile would be in isolation.”