SocialArks owns an ElasticSearch database, and this misconfigured database contained personally identifiable information of users from social media platforms. Researchers at Safety Detectives found the affected server, which is hosted by Tencent, during a routine security check.
According to the researchers, the server was exposed on the internet without any security key, encryption, or passwords, and it stored the data in segmented indices that held the information from the different social media sources.
The researchers found that all the user data in the affected database on that server had been scraped from various social media platforms. While web scraping is allowed to some extent, platforms like Facebook, LinkedIn, Instagram, etc. do not allow it. Hence, this was also a violation of the guidelines of these social platforms.
Out of 318 million total records, around 11651162 user profiles were collected from Instagram, while 66117839 profiles came from LinkedIn users. Almost 81551567 profiles were from Facebook users. An additional 55300000 Facebook profiles were also present, but they were deleted a short while after the exposed server was discovered.
This data included biographies, phone numbers, email addresses, the total number of followers, comments, most used hashtags, etc. Some of the information about whatever these users were doing on their social platforms was present in this database, and all of it had been scraped.
The problem is that whenever data from social media is scraped, some sensitive information inadvertently gets leaked as well. While it is important to use social networks sensibly without giving out too much of your private information, that information remains vulnerable, and this incident reinforces the fact that anything that goes online into the cloud remains there and never gets deleted.
However, people need to be careful about their information and the apps and sites that they allow to gather their data for ad targeting or other marketing purposes.
The SocialArks data contained private phone numbers and email addresses of social media users, celebrities, and influencers that they do not reveal on their social platforms. This is where the mystery begins. If SocialArks was scraping all that data from the social sites, how did it manage to get its hands on private data that was not available on those sites? Does SocialArks use other ways to gather all this private information as well? And if it does, why did it not keep it all secure? Why was the breach even possible, and why had SocialArks not taken enough measures to protect the public and private data of all these 318 million users?
This post was written by Arooj Ahmed and was first posted to Digital Information World