Digital Identity Digital Privacy Industry News

Almost 235 Million YouTube, TikTok and Instagram Profiles Exposed Online by Unsecured Database

A security researcher has found a database with almost 235 million social media profiles scraped from the Internet, likely belonging to Social Data.

Public user data is precious, and many companies want to gather it and sell it. Social media networks represent one of the best sources of this information. Many users keep their profiles open, allowing companies such as Deep Social to collect that data and compile it further.

Bob Diachenko from Comparitech found three identical copies of the database online, with profiles taken from YouTube, TikTok and Instagram. While the database belonged to Social Data, the evidence point toward Deep Social, another company used to scrape data from online sources and has since dissolved.

After social media networks found out about Deep Social’s practices, they banned their APIs from collecting data, but many other companies continue this type of operation.

According to Comparitech, the data contained names, contact information, personal information, images and statistics. A few hours after the incident was reported, Social Data took the databases down.

It’s easy to assume that a user might not have sensitive information in one social media profile, but scraping reveals multiple sources for one person. Compiling data from different sources creates a clearer image of the digital persona, showing trends, preferences, spending habits, political preferences, location and other information.

Besides the legal aspect, the biggest issue is that social media networks prohibit this kind of data gathering as it violates their user policies. This hasn’t stopped companies from gathering data, but it’s challenging to identify traffic from organizations such as Social Data.

While Social Data denies collecting data not already available online, the simple act of scraping and matching public data is not allowed.

“Anyone could phish or contact any person that indicates telephone and email on his social network profile description in the same way even without the existence of the database,” said Social Data’s spokesperson in an email to Comparitech. “Social networks themselves expose the data to outsiders – that is their business – open public networks and profiles. Those users who do not wish to provide information, make their accounts private.”

About the author

Silviu STAHIE

Silviu is a seasoned writer who followed the technology world for almost two decades, covering topics ranging from software to hardware and everything in between. He's passionate about security and the way it shapes the world, in all aspects of life. He's also a space geek, enjoying all the exciting new things the Universe has to offer.