A company that sells social media data to marketers has exposed nearly 235 million YouTube, TikTok and Instagram profiles.
Social Data managed a database that was neither password protected nor had any authentication method, according to a report from Comparitech.
The data reportedly includes information including names, contact information, personal information, images, and statistics about followers.
Download the new Independent Premium app
Sharing the full story, not just the headlines
Comparitech also said that it offers detailed information on those accounts, such as number of followers, engagement rate, follower growth rate, audience gender, audience age, audience location, and likes. .
Security researcher Bob Diachenko, who previously helped uncover the ‘Meow’ hack, said he discovered three identical copies of the exposed data earlier in the month.
According to Comparitech, the company responsible for the insecure database was a now-closed company called Deep Social. When informed by Comparitech of the breach, Deep Social forwarded the disclosure to Social Data.
The Social Data CTO reportedly acknowledged the exposure and deactivated the servers within three hours, but Social Data denies any connection between it and Deep Social.
Facebook and Instagram banned Deep Social from their marketing APIs in 2018 to extract data from user profiles. “Taking people’s information off Instagram is a clear violation of our policies. We revoked Deep Social’s access to our platform in June 2018 and issued a legal notice prohibiting any further data collection, ”said a Facebook spokesperson.
Speaking to Comparitech, a Social Data spokesperson said “Please note that the negative connotation that the data has been hacked implies that the information was obtained surreptitiously. This is simply not true, all data is freely available to ANYONE with internet access.
“I would appreciate it if you would make sure this is clear. Anyone can phish or contact anyone who indicates phone and email in the description of their social network profile in the same way even without the existence of the database.
“The social networks themselves expose the data to outsiders – that’s their business – open public networks and profiles. Those users who do not wish to provide information, make their accounts private [sic]»They continued.
Social Data launched in August 2019, is based in Hong Kong, and has apparently worked with companies like Samsung, Heineken, L’Oreal, Unilever, Walmart, Amazon, Disney, and Booking.com.
It is unclear how long the data had been exposed prior to August 1, when it was detected, or if malicious people accessed it. The independent has contacted Social Data for clarification.