Has a poorly secured cloud database personal information exposed to more than 235 million TikTok, Instagram and YouTube accounts. The Hong Kong-based company Social Data was unaware store the data in a database without proper password protection, which means anyone can pop in and view it. Ugh.
Cybersecurity firm Comparitech found and disclosed the vulnerability, which repaired Social Data immediately—but others with less altruistic intentions may have found it too.
Comparitech says the database stores the following information for affected accounts:
- Profile name
- Full real name
- Profile photo
- Account description
- Whether the profile belongs to a company or has ads
- Follow-up statistics, including: Number of followers; Commitment rate; Follow-up growth grows; Gender for public; Age of audience; Location for public
- Likes
- Last post timestamp
- Age
- Gender
It also holds phone numbers and email addresses for at least 20% of the named accounts.
Why this is a big deal
Large-scale data breaches are common, but this specific instance is different: The fact that information was stored in a improperly secured database is problematic, but in this case it was all publicly available information instead of private passwords or financial data. This means that access to the stored data is less of a hack and more of a general data security blunder—however a pretty heavy one, considering the variety information that consolidates the database in one place.
G / O Media can get a commission
Look at it this way: knowing a person’s full name and email is not enough to break into their account – you can find that with Google search and some bad social media, and companies know that. But having a person’s name, email, phone number, account names, street address, age en postal history all in one place creates a decent basis for identity theft.
Repeat that for hundreds of millions of accounts, and you have a significant issue for data privacy.
What you need to do now
It’s always important to update your account security in response to leaks – including you passwords—and I encourage you to do this if you are concerned about the gaffe of Social Data. This is also an excellent reminder to anonymize your data whenever possible.
I’m not saying you should delete your social media accounts or make everything private (the database contains private accounts anyway), but the more public you are online, the more security you need.
Even if you’re cool with people who know your first name in theory, if someone can match that name with an email or phone number, you can match it with a password that has been leaked somewhere else in the past, you are in trouble. The compromised database of Social Data is one of these unpredictable instances of mishandled user data that can leave your info to the wrong people. Ultimately, it is up to users to keep themselves safe.
Keep track of the data that social media platforms collect on you and remember as much personal information as you can. You can even use another name, email address or other false identifying information when you create new accounts. If a website requires information like your birthday or street address, make sure it is not publicly visible if you do not want it. Or just make it up. The less companies know about the real you, the better; do not give them more information than the basics you need to use a service, and it will be harder to tie your digital life together brek as this happens again.
[9to5mac]
.
