- A company called Social Data exposed a database with about 235 million social media profiles.
- The servers that hosted the database weren’t password protected.
A social media analytics firm called Social Data exposed a database with information from nearly 235 million Instagram, TikTok, YouTube profiles (via The Next Web). Before Social Data took the database offline, it had no password protection and didn’t require any form of authentication to access. It contained data such as names, contact information, images, and stats about followers.
Comparitech security researcher Bob Diachenko discovered three identical copies of the database on August 1. It’s unclear if a malicious individual or group obtained the information Social Data had exposed online. Comparitech says it doesn’t know how long the servers were vulnerable before it found them.
Approximately one in five of the entries included either a phone number or email address associated with it. That’s something someone who obtained the data could use to spam and phish the people whose information was on the database.
It’s something that’s been in the news a lot recently. At the start of 2020, The New York Times published a report about Clearview AI. The startup provides facial recognition software to law enforcement agencies across North America. It built its image database using publically available data from websites like Facebook, Twitter, and YouTube. All three of the companies that own those platforms have sent cease-and-desist orders to the startup. Clearview plans to argue it has a First Amendment right to scrape people’s data.