Social media profile information exposed in large data breach

For many social media users, data security is a genuine, legitimate fear. Now, a major security incident has been highlighted by researchers at Comparitech that affects consumers using some of the most popular platforms.

So, who does it affect? And what data is at risk. 

According to the report, an estimated 235 million profiles on Instagram, YouTube, and TikTok have been exposed and data scraped by Hong Kong-based company, Social Data. 

This includes the following information: 

  • Profile picture 
  • Full name, age, and gender
  • Business or personal account 
  • Advertising info for business accounts 
  • Date and details of last post 
  • Phone number and email address 

The data collected also includes key engagement and account growth statistics such as  follower engagement rate, number of followers, follower growth, audience demographics, and likes, shares, and comments. 

According to Social Data, it was able to collect this data as the profiles weren’t protected by a password restriction or any other authentication method. 

It says that this is detailed in its Terms and Conditions, and that it frequently scrapes data, particularly of influencers that “have a presence on the Internet having in excess of a certain amount of followers (decided by the marketer) on various social media platforms.”

They do this for marketing purposes, as automated data copying is an inexpensive method of collecting information about consumers. This is popular with lots of marketing companies that are looking to cut costs. 

However, Comparitech says the practice is against terms of use for most social media platforms, including, but not limited to Facebook, YouTube, Instagram, and TikTok. 

A spokesperson for Social Data said, “Please, note that the negative connotation that the data has been hacked implies that the information was obtained surreptitiously. This is simply not true, all of the data is available freely to ANYONE with Internet access.”

“I would appreciate it if you could ensure that this is made clear. Anyone could phish or contact any person that indicates telephone and email on his social network profile description in the same way even without the existence of the database.”

“Social networks themselves expose the data to outsiders – that is their business – open public networks and profiles. Those users who do not wish to provide information, make their accounts private.”

Be the first to comment

Leave a Reply

Your email address will not be published.


This site uses Akismet to reduce spam. Learn how your comment data is processed.