Around 235 million users of Instagram, TikTok and YouTube were hit by a massive data leak, and the user data was available online.
The security research team at Comparitech disclosed that the unsecured database left almost 235 million Instagram, TikTok and YouTube user-profiles exposed online.
There was around 42 million datasets of TikTok users and nearly 4 million YouTube user profiles.
The leak included user’s data like contact information or email address, along with profile name it included real name, profile photo, account description, number of followers and likes etc.
The database was taken offline soon after researchers from Comparitech notified the database’s current administrators that it was unsecured.
According to the researchers, the data leak points out to a company called Deep Social which was banned by both Facebook and Instagram in 2018 after scraping user profile data. The database is currently operated by a different company called Social Data.
Comparitech said that as soon as data market company Social Data was reported it shut down the unsecured database and it denied any connection between itself and Deep Social.
“We collect data and enrich it with additional useful insights solely on behalf of our reputable customers, who use it strictly for the intended purposes. It is extremely sad that this incident has occurred due to a mixture of unfortunate events. However, as soon as we learned of the incident, we fixed it immediately. We have since been closely working with the information security experts on auditing our security infrastructure and increasing the required levels of information security to avoid similar occurrences in the future,” said a spokesperson from Social Data.
“The information would probably be most valuable to spammers and cybercriminals running phishing campaigns, ” reported Paul Bischoff, editor at Comparitech.
It is still not known for how long the database was left exposed without a password.
Collecting publicly displayed information from social media services is not illegal. However, most social-media companies forbid it in their terms of service and reserve the right to block such activities.