- A company called Social Data exposed a database of approximately 235 million social media profiles.
- The servers hosting the database were not password protected.
A social media analytics firm called Social Data has unveiled a database containing information from nearly 235 million Instagram, TikTok, YouTube profiles (via The following web). Before Social Data took the database offline, it did not have password protection and did not need any form of authentication to access it. It contained data such as names, contact information, images and statistics about followers.
Comparitech security researcher Bob Diachenko discovered three identical copies of the database on August 1. It is unclear if a malicious individual or group received the information Social Social Data had exposed online. Comparitech says it does not know how long the servers were vulnerable before they were found.
Approximately one in five of the submissions contained either a phone number or an email address. That’s something that someone who got the data could use to spam and phish people whose information was in the database.
Social data may have links with Deep Social, an analytics platform that shuts down in 2018 after Facebook banned its marketing APIs. In a statement to Comparitech, a spokeswoman for the company said that the company has obtained all the information in its database by collecting it from publicly visible profiles. This suggests that Social Data automatically collects the data with a practice called data deletion. Although legal in the US, data scraping is something that prohibits almost any online platform through its terms of use.
Related: Best privacy apps to keep your anonymity intact
It’s something that’s been in the news a lot lately. At the beginning of 2020 The New York Times published a report on Clearview AI. The startup provides face recognition software to lawmakers in North America. It built its image database with publicly available data from websites such as Facebook, Twitter, and YouTube. All three of the companies that have these platforms have held orders and stopped after startup. Clearview intends to argue that it has a First Amendment right to delete people’s data.
