
Over 200 Million Facebook, Instagram and LinkedIn Profiles Exposed Through Unsecured Database Held by Chinese Startup

Alina BÎZGĂ

January 12, 2021

Chinese social media management company Socialarks leaked personally identifiable information (PII) of over 200 million Facebook, Instagram and LinkedIn users, according to researchers from SafetyDetectives.

The data leaked through an unsecured ElasticSearch database that held 408GB of personal data of regular users, social media influencers and even celebrities.

Investigators found that the leaked data appeared to have been scraped from popular social media platforms, in violation of the terms of service of the social media giants.

The leaky database included the following information:

  • 81,551,567 Facebook account profiles
  • 66,117,839 LinkedIn user profiles
  • 11,651,162 Instagram user accounts

Researchers also noted that an additional 55.3 million Facebook user profiles were deleted hours after their discovery.

“From the leaked data we discovered, it was possible to determine people’s full names, country of residence, place of work, position, subscriber data and contact information, as well as direct links to their profiles,” SafetyDetectives explained.

The exposed information for each social media platform varies, but it paints a complete picture of the user’s profile that could allow threat actors to choose their most profitable targets.

Leaked Instagram user accounts revealed full names, over 6 million phone numbers, 11 million email addresses, profile links, pictures, profile descriptions, number of followers, country of residence and most frequently used hashtags.

The Facebook account records show similar information, alongside Like, Follow and Rating counts, Messenger ID and profile description.

In the case of LinkedIn profiles, the records exposed user job profile, job title and seniority level, company name and revenue margin together with the full name and email address of users.

Although the scraped records were not complete for every user, the investigators noticed that the database contained phone numbers and email addresses for users who opted not to make the information public on their profiles.

“Socialarks’ database stored personal data for Instagram and LinkedIn users such as private phone numbers and email addresses for users that did not divulge such information publicly on their accounts,” the report reads. “How Socialarks could possibly have access to such data in the first place remains unknown.”

The China-based company suffered a similar data breach in August 2020, which exposed information on 150 million LinkedIn, Facebook and Instagram users. Investigators said the unsecured server was discovered on December 12, 2020. Two days after confirming the origin of the database, the cybersecurity team contacted Socialarks to disclose the breach.

“The company did not respond to our correspondence but the server was secured on the same day,” SafetyDetectives added.

The leak and unethical scraping of user data pose a serious security risk to exposed users. The information could be “weaponized to carry out a specific goal of extracting personal information for criminal purposes,” the report warned. “Potential ramifications of exposing personal information include identity theft and financial fraud conducted across other platforms including online banking.”
