- A company called Social Data exposed a database with about 235 million social media profiles.
- The servers that hosted the database weren’t password protected.
A social media analytics firm called Social Data exposed a database with information from nearly 235 million Instagram, TikTok, and YouTube profiles (via The Next Web). Until Social Data took it offline, the database had no password protection and didn’t require any form of authentication to access. It contained data such as names, contact information, images, and stats about followers.
Comparitech security researcher Bob Diachenko discovered three identical copies of the database on August 1. It’s unclear if a malicious individual or group obtained the information Social Data had exposed online. Comparitech says it doesn’t know how long the servers were vulnerable before it found them.
Approximately one in five of the entries included either a phone number or an email address. Someone who obtained the data could use those details to spam and phish the people whose information was in the database.
Social Data may have links with Deep Social, an analytics platform that shut down in 2018 after Facebook banned it from its marketing APIs. In a statement to Comparitech, a spokesperson for the firm said the company obtained all the information in its database by gathering it from publicly viewable profiles. That suggests Social Data collected the data automatically using a practice called data scraping. While legal in the US, data scraping is something almost every online platform prohibits through its terms of use.
Data scraping has been in the news a lot recently. At the start of 2020, The New York Times published a report about Clearview AI. The startup provides facial recognition software to law enforcement agencies across North America. It built its image database using publicly available data from websites like Facebook, Twitter, and YouTube. All three of the companies that own those platforms have sent cease-and-desist orders to the startup. Clearview plans to argue it has a First Amendment right to scrape people’s data.