A vulnerability in the systems of SocialArks has compromised a whopping 318 million social media profiles across various platforms, reported Threatpost. The accounts are from various places across the globe.
According to the report by Safety Detectives researchers, some of the accounts are included in a leak involving 214 million social media users that are public and private. The compromised data amounts to 400 gigabytes and includes worldwide celebrities and influencers.
The exposure resulted from a misconfigured Elasticsearch database owned by SocialArks, a Chinese social media management firm. The exposed files contain personally identifiable information from Facebook, LinkedIn, Instagram, and other platforms.
The researchers discovered that the misconfigured server was exposing the information without password protection or encryption. Around 318 million records are stored on the server. The vulnerability was found during a routine IP address check on potentially unsecured databases.
According to the researchers, “Our research team was able to determine that the entirety of the leaked data was ‘scraped’ from social media platforms, which is both unethical and a violation of Facebook’s, Instagram’s, and LinkedIn’s terms of service.”
The profiles found in the leak include 11,651,162 Instagram accounts, 66,117,839 LinkedIn accounts, and 81,551,567 Facebook accounts, with 55,300,000 Facebook accounts having been deleted within a few hours after the discovery of the leak.
In a blog post by Safety Detectives, the team revealed that the number of leaked profiles matches the number of those involved in an August leak, but with notable differences such as the database size, company, and indices.
The team also said, “The affected server, hosted by Tencent, was segmented into indices in order to store data obtained from each social media source. Our team discovered records from 3 major social media platforms.”
Upon inspecting the data, the team found high-profile users in the list of compromised accounts. Some of them are celebrities, influencers, and food bloggers. Their biographies, display pictures, number of followers, and location settings have been exposed.
Moreover, personal information including email addresses and phone numbers has also been compromised.
Facebook accounts had their contact information leaked as well. However, the team noted that most of those involved are pages and not individuals.
Meanwhile, LinkedIn profiles had their job information exposed, along with their connected social media account usernames, company name, and revenue margins.
It is worth noting that the leaked information can be used for criminal activities such as phishing and fraud.