Huge data leak exposes 235 million Instagram, TikTok, and YouTube profiles

Comparitech has discovered that an unsecured database exposed data from nearly 235 million Instagram, TikTok, and YouTube profiles.

The database was reportedly exposed by Social Data, which is a company that sells data on social media influencers to marketers.

According to the researchers, the data likely originated from Deep Social – a now-shuttered company whose name was found in the Instagram datasets.

In 2018, both Facebook and Instagram banned Deep Social from their marketing APIs in 2018 because it was scraping data from users’ profiles.

After the pair also threatened legal action, Deep Social shut down the service.

Comparitech lead researcher Bob Diachenko found three identical copies of the exposed data on 1 August.

Diachenko contacted Deep Social to disclose the exposure, and this was in turn forwarded to Social Data. Comparitech said that Social Data’s CTO acknowledged the exposure and took down the exposed servers three hours later.

Social Data provides comment

Social Data denied any connection to Deep Social, and stressed that it did not hack any profiles to obtain the information that was exposed.

“Please note that the negative connotation that the data has been hacked implies that the information was obtained surreptitiously,” said a Social Data spokesperson.

“This is simply not true, all of the data is available freely to ANYONE with Internet access.”

“Anyone could phish or contact any person that indicates telephone and email on his social network profile description in the same way even without the existence of the database. Social networks themselves expose the data to outsiders – that is their business – open public networks and profiles. Those users who do not wish to provide information, make their accounts private.”

Comparitech noted that while scraping indeed only allows these companies to access publicly-accessible data, it is against the terms of use of platforms such as Facebook, Instagram, TikTok, and YouTube.

“Scraping people’s information from Instagram is a clear violation of our policies. We revoked Deep Social’s access to our platform in June 2018 and sent a legal notice prohibiting any further data collection,” confirmed Facebook spokesperson Stephanie Otway.

Now read: Personal information of millions of South Africans exposed in banking data breach

Latest news

Partner Content

Show comments


Share this article
Huge data leak exposes 235 million Instagram, TikTok, and YouTube profiles