Renowned social media data broker Bob Diachenko exposed the public-facing profiles of 235 million users through a misconfigured online database. The data broker collaborative with a firm known as Comparitech to uncover millions of copies of the data found online without authentication or password required to access.
In total, over 180 million user profiles were from Instagram, 40 million profiles from TikTok, and 4 million from YouTube. Each of the records possesses information such as profile names, profile pics, description of accounts, gender, age, real name, etc.
About one-fifth of profiles have either a phone number or the email address as per the report of Comparitech. Although the user information contained in this trove was all publicly available, social media giant like Facebook has threatened legal action in the past against automated data scraping firms that subsequently sell their connection to the marketer.
According to Comparitech, if the data got discovered, the trove could have been used by spammers, or to make follow-on phishing attacks more convincing. Although access to the database was closed within 3 hours of disclosure, it is still unclear as to how long it remained exposed online.
The expose data traced back to a firm known as Social Data which sells the user information on social media influencers to the marketers.
Furthermore, Comparitech also mentioned about the ‘evidence’ that was collected showed a link of data with the firm “Deep Social”. It is a company that left Facebook and Instagram marketing API once it was threatened by litigation in 2018.