Posted on August 23, 2020 at 6:52 AM
235 Million User Profiles Exposed in Massive Data Leak
Security researchers at Comparitech revealed today that a massive data leak left the profiles of close to 235 million users from YouTube, TikTok, and Instagram exposed online.
Recently, some reports are claiming the leaked data is being offered on the dark web.
According to some reports, there are about 15 billion stolen logins from more than 1,000 breaches on dark web forums, and the hacker is releasing about 386 million of them for free on the dark web.
However, not all of the data may have been hacked; some was likely exposed by an unsecured database, as in the Utah Gun Exchange incident.
A problem caused by unsecured databases
Unsecured databases are increasingly becoming a problem for database protection. Some security experts have even blamed vigilante security researchers for the series of “Meow” attacks, which have overwritten several hundred such databases.
This is exactly the type of database that the Comparitech researchers, headed by Bob Diachenko, uncovered on the 1st of August. According to the researchers, the vulnerability left the personal data of about 235 million YouTube, TikTok, and Instagram users exposed.
The exposed data did not come from a single dataset; the most significant ones held about 100 million records each. Those datasets contain profile records seemingly scraped from Instagram.
The third-largest dataset held records of 42 million TikTok users. The next biggest held about 4 million YouTube user profiles.
Comparitech revealed that, in the samples received, one in five records contains either an email address or a telephone number. Each record also includes some or all of the following: profile name, full real name, account description, profile photo, number of followers, audience age, audience gender, follower growth rate, engagement rate, likes, last post timestamp, and audience location.
Hacked details are useful for actors running phishing attacks
Comparitech editor Paul Bischoff said the hacked information will be valuable to cybercriminals running phishing attacks.
“The information would probably be most valuable to spammers and cybercriminals running phishing campaigns,” he said.
He further stated that although the data can be accessed publicly, the fact that it was exposed as a well-structured database makes it more valuable than each profile would be in isolation.
Getting the data source
Many people may be wondering how it was possible to gather this much data and put it in one dataset. According to the Comparitech researchers, the data leak could be traced to a firm known as Deep Social. The company was banned by both Instagram and Facebook after it was found scraping user profile data. After this ban, the company ceased operations.
A Facebook spokesperson said scraping users’ registration details on social media accounts is a complete violation of its policies. The spokesperson further revealed that Facebook revoked the account of Deep Social on its platform two years ago and notified them of the prohibition of any further scraping of data.
The spokesperson also said they alerted Deep Social after they discovered the database and where it was sent from. Afterward, Deep Social’s administrators sent the disclosure to a social media influencer data-marketing firm registered in Hong Kong. The data-marketing firm, known as Social Data, shut down the database for almost three hours after it received the email from the firm.
Social Data speaks about database exposure
Social Data has denied any link between itself and Deep Social, as the Comparitech report revealed. The firm also said the profiles of social media users are available to anyone who visits the accounts of those users. But the main source of concern in this massive hack is that so many user profiles were gathered in a well-organized manner. According to the report, this has made it easier for actors to launch phishing attacks on those accounts.