On many occasions, massive leaks of private user data are produced by actions of cybercriminals who seek to steal them, but in other cases they are errors of those who have the management of those databases. They are databases that are not protected, that are exposed, unencrypted and that is like having the door of the house open for whoever wants to enter.
This is what happened today on a large scale, because the data of up to 235 million users of various social networks have been leaked.
TikTok, YouTube, Instagram
No less than three of the most active, TikTok, Instagram and YouTube, as we read in the media Forbes, it has been the cybersecurity company Comparitech that has found the security breach through its researchers, who have tracked the problem to three ‘datasets’ -data sets- unencrypted that contained this information:
– 2 data sets with less than 100 million Instagram user data each, containing profile data
– 1 dataset with data from 42 million TikTok users and almost 4 million YouTube user profiles
Comparitech notes that based on the samples it collected, 1 in 5 records contained a phone number or an email address. Each record also included the following information for each user:
- Profile name
- Full real name
- Profile picture
- Account description
And a high number of statistics on the interaction of the followers in each filtered user account, including:
- Number of followers
- Interaction rate
- Followers growth rate
- Audience gender
- Audience age
- Audience location
- Amount of Likes
- Date of last publication
Leaked information from a company that had previously stolen it?
But there has to be an origin for this, because 235 million user data from social media accounts that are theoretically shielded are not filtered just like that. Comparitech has a suspect, and points the finger at a company called Deep Social, which was already banned from Facebook and Instagram in 2018 for having kept user data. Comparitech warned Deep Social that there was a problem with their databases, “assuming the data belonged to them.”
This is where it gets interesting, because according to Comparitech, Deep Social admins made this issue public to a Hong Kong-registered Social Influencers data marketing company called Social Data. And Social Data “shut down the database about three hours after our initial email,” says Comparitech editor Paul Bischoff. Although officially, Social Data has indicated not having any connection with the Deep Social company.
This failure, this massive leak, did not happen today, but was discovered by Comparitech almost 3 weeks ago, on August 1st.