Comparitech has discovered that an unsecured database exposed data from nearly 235 million Instagram, TikTok, and YouTube profiles.
The database was reportedly exposed by Social Data, which is a company that sells data on social media influencers to marketers.
According to the researchers, the data likely originated from Deep Social – a now-shuttered company whose name was found in the Instagram datasets.
In 2018, both Facebook and Instagram banned Deep Social from their marketing APIs in 2018 because it was scraping data from users’ profiles.
After the pair also threatened legal action, Deep Social shut down the service.
Comparitech lead researcher Bob Diachenko found three identical copies of the exposed data on 1 August.
Diachenko contacted Deep Social to disclose the exposure, and this was in turn forwarded to Social Data. Comparitech said that Social Data’s CTO acknowledged the exposure and took down the exposed servers three hours later.
Social Data provides comment
Social Data denied any connection to Deep Social, and stressed that it did not hack any profiles to obtain the information that was exposed.
“Please note that the negative connotation that the data has been hacked implies that the information was obtained surreptitiously,” said a Social Data spokesperson.
“This is simply not true, all of the data is available freely to ANYONE with Internet access.”
“Anyone could phish or contact any person that indicates telephone and email on his social network profile description in the same way even without the existence of the database. Social networks themselves expose the data to outsiders – that is their business – open public networks and profiles. Those users who do not wish to provide information, make their accounts private.”
“Scraping people’s information from Instagram is a clear violation of our policies. We revoked Deep Social’s access to our platform in June 2018 and sent a legal notice prohibiting any further data collection,” confirmed Facebook spokesperson Stephanie Otway.