The database containing sensitive personal information was accessible without any password.
Cyber security researcher Bob Diachenko from Comparitech revealed the presence of a database including information on more than 235 million YouTube, Instagram and TikTok profiles freely accessible on the web. The lack of protection of this database obviously raises questions. In addition to nicknames, surnames and first names, the database gathered more personal data such as phone numbers, location coordinates, subscriber statistics and images.
This database is the result of the work of the company Social Data, which specializes in selling data to marketing companies, although there is evidence to suggest that it was put together by Deep Social, another company of the same type that has since disappeared. According to research by Bob Diachenko, there were three versions of this database exposed on the web. Informed of the problem, Social Data recognized the flaw and proceeded to delete the database.
Although the information in the database is accessible on people’s profiles, bringing it together in one list makes it easier for hackers to run their phishing campaigns.
Beyond the risk that this type of file can represent for the people concerned, the method used to build it goes against the policies of the various social networks. Social Data has indicated that it only collects the public data of the various profiles, a technique known as “data scraping”: an automated method that consists of copying data and information from web pages in bulk, in this case data from public profiles. Although this information is publicly accessible, the various social networks prohibit web scraping on their platforms. Unfortunately, detecting scraping bots is difficult for the platforms, which is why it is hard for Facebook, Instagram, YouTube or even TikTok to fight against them.
“Removing people’s information from Instagram is a clear violation of our policies,” a Facebook spokesperson told Comparitech.
It is difficult to know how long this database has been online. Even if the information gathered in this database is indeed publicly available online, gathering it in this way without any protection facilitates phishing attacks and other hacking attempts. Hackers are particularly fond of this kind of database.