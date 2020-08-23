A massive data breach has exposed data of millions of social media users recently. The breach exposed information of users on TikTok, Instagram, and YouTube. The data leak saw users’ personal profiles up for grabs on the Dark Web.

According to a security research team at Comparitech, 235 million users on Instagram, YouTube, and TikTok had their data breached. The profiles were taken from the pages of social media platforms that were publicly viewable.

Forbes quoted from the report – “The data was spread across several datasets; the most significant being two coming in at just under 100 million each and containing profile records apparently scraped from Instagram. The third-largest was a dataset of some 42 million TikTok users, followed by just under 4 million YouTube user profiles.”

Security researcher Bob Diachenko, who leads Comparitech’s cybersecurity research team, uncovered three identical copies of the exposed data on August 1. The report suggests that one in five records contained either an email address or telephone number of the users, along with profile photos, profile names, account descriptions, number of followers and likes, full real names, etc.

Paul Bischoff, Editor at Comparitech, said, “The information would probably be most valuable to spammers and cybercriminals running phishing campaigns. Even though the data is publicly accessible, the fact that it was leaked in aggregate as a well-structured database makes it much more valuable than each profile would be in isolation.”

The researchers claimed that the data leak was due to a company called Deep Social, which was banned by both Instagram and parent company Facebook for web scraping user profile data. Web scraping refers to a way of collecting data from the pages of websites in an automated way to form databases.

The researchers contacted Deep Social assuming the data belonged to them, but Deep Social’s administrators forwarded the disclosure to the Hong-Kong-based social media company Social Data. Social Data accepted the data breach and stopped access to the data. Although, the company refuted any link with Deep Social.

Bischoff said, “Social Data shut down the database about three hours after our initial email.”