Data Hack Alert: 235 Million Social Media Accounts Exposed


database of approximately a quarter-million (235 Million) public profiles of three major social media platforms namely Instagram (owned By Facebook), TikTok (A China-based app) and Youtube (owned By Google) have undergone data hack and exposed. The profiles were held by the now-closed company named “Deep Social”, as reported by a news portal on the 20th of August 2020 (Thursday).

The news portal has attributed the information regarding the data hack to a researcher of the security firm Comparitech, Bob Diachenko, who thinks that an unsecured database was the leading cause behind this data breach. 

“The information would probably be most valuable to spammers and cybercriminals running phishing campaigns. Even though the data is publicly accessible, the fact that it was leaked in aggregate as a well-structured database makes it much more valuable than each profile would be in isolation,” said Paul Bischoff, editor at Comparitech.

“Social Data has denied any connection between itself and Deep Social,” according to the Comparitech report.

A report published on the 19th of August on one of the news portals had stated in part – 

“Diachenko first contacted Deep Social using the email address listed on its website to disclose the exposure. The administrators of Deep Social forwarded the disclosure to Social Data. The CTO of Social Data acknowledged the exposure, and the servers hosting the data were taken down about three hours later.”

Apart from the various other things, Deep Social had also provided social media data. It is reported that the company is no longer operational. And that Social Data is in a similar business.

Image: Mashable India

The portal had included an email assertedly from Deep Social to Diachenko that stated – 

“Please, note that the negative connotation that the data has been hacked implies that the information was obtained surreptitiously. This is simply not true; all of the data is available freely to ANYONE with internet access. I would appreciate it if you could ensure that this is made clear. Anyone could phish or contact any person that indicates telephone and email on his social network profile description in the same way, even without the existence of the database. […] Social networks themselves expose the data to outsiders – that is their business – open public networks and profiles. Those users who do not wish to provide information, make their accounts private.”

“The data was spread across several datasets and the most significant being two coming in at just under 100 million each and containing profile records apparently scraped from Instagram,” reports Forbes, quoting the security researchers.

Web scraping can be defined as the process of utilizing the programs for flying through the multiple layers of websites and copy the information to use later. However, it is illegal since many operators of the sites for attempting to prohibit the practice via their terms of service.

Although it is legal to have the type of data that Diachenko has uncovered from the data hack. But it is dangerous because the social engineering attack operators like the phishing can make use of it to wage the targeted cyber attacks on internet users.

Source: Pymnts

Disclaimer: does not promote or endorse claims that have been made by any parties in this article. The information provided here is for the general purpose only and unintended to promote or support purchasing and/or selling of any products and services or serve as a recommendation in the involvement of doing so. Neither nor any member is responsible directly or indirectly for any loss or damage caused or alleged to be caused by or in relation with the reliance on or usage of any content, goods or services mentioned in this article.



Please enter your comment!
Please enter your name here