Security researchers have found out an uncovered database online which consists of scraped data from the social media profiles of nearly 235m Instagram, TikTok and YouTube users. For those unfamiliar with the practice, web scraping is an automatic technique used to collect data from websites that is usually hired by analytics firms who use it to create large databases of user guidance. Although the practice is legal, it is precisely prohibited by social media agencies as it puts the privacy in their users and their data in peril. Comparitech’s lead researcher Bob Diachenko discovered three exact copies of the uncovered database online at the beginning of August. After analyzing the database, Diachenko and his team learned that it belonged to a firm called Deep Social which has shut down its operations.
Protect your privacy online with one of the best VPN servicesWe’ve put together a list of the good nameless browsers availableThese are the good privacy apps for Android on the marketWhen the team reached out to the now defunct company, its request was forwarded to a Hong Kong based firm called Social Data. While Social Data denied having any connection to Deep Social, the firm did acknowledge the breach and was capable of secure the exposed database with a password. Social media scraping In an email to Diachenko integrated in Comparitech’s blog post on the matter, Social Data tried to defend the train of web scraping while also making the purpose that the database, which was left online with no password to secure it, was not hacked, saying:“Please, note that the unfavorable connotation that the data has been hacked implies that the suggestions was got surreptitiously. This is just not true, all the data is offered freely to ANYONE with Internet access. I would appreciate it if you could make sure that here is made clear.
Anyone could phish or touch any person that shows telephone and email on his social network profile description in a similar way even without the lifestyles of the database. Social networks themselves expose the data to outsiders – that’s their business – open public networks and profiles. Those users who do not wish to provide counsel, make their bills deepest. ”Diachenko and his team figured out three identical copies of the database which have been hosted at three separate IPV6 addresses. Of the nearly 235m social media profiles in the database, 191m archives were scraped from Instagram, 42m were scraped from TikTok and almost 4m were scraped from YouTube. Each of the entries in the database encompasses a wealth of tips on the users of these services whose data was scraped including their profile name, real name, profile photo, age, gender, engagement facts and more.
While scraping user data from social media sites is not illegal, failing to secure this data after it has been accrued poses a significant risk to the affected users as cybercriminals could use the tips from the database to target them online.