Social Data, a company known for selling socmed influencers’ data to marketers, recently endangered the profiles of 235 million socmed users on the web through an exposed database.
Comparitech researchers found the database without any protections such as passwords or other means of authentication to gain access to the file. The leaked info includes sensitive and personally identifiable information such as name, contact details, images, and follower statistics.
As per the report, the database contains 96,714,241 records from Instagram, another 95,678,713 from Instagram, 42,129,799 from TikTok and 3,955,892 from YouTube.
According to the findings of the cybersecurity research team led by Bob Diachenko, the profiles were scraped from various networking platforms such as TikTok, YouTube, and Instagram. There are three identical copies of the database which was discovered on August 1.
Further investigation showed that a large portion of the leaked info originated from a company called Deep Social. The filenames of the exposed Instagram are accounts-deepsocial-90 and accounts-deepsocial-91, which led the team to this conclusion.
Deep Social has been banned by Facebook and Instagram from their marketing application program interfaces (APIs) back in 2018. The two platforms also warned against further info scraping from user profiles.
Diachenko got in touch with Deep Social through an email address posted on its website to inform the company of the leak. The firm then contacted Social Data, whose chief technology officer acknowledged the issue.
As a result, Social Data’s servers that hosted the info went offline around three hours after the company was informed of the leak.
The Comparitech report said that “Social Data denies any connection between itself and Deep Social.”
A Social Data spokesperson said in an email, “Please note that the negative connotation that the data has been hacked implies that the information was obtained surreptitiously.”
They also emphasized that “this is simply not true” as “all of the data is available freely to anyone with internet access.”
The spokesperson also sought to clear the firm’s name by saying that “anyone could phish or contact any person that indicates telephone and email on his social network profile in the same way even without the existence of the database.”
Meanwhile, Facebook spokesperson Stephanie Otway said in an email to Comparitech that “scraping people’s information from Instagram is a clear violation of [the company’s] policies.”