Social media data broker Bob Diachenko has found 235 million social media accounts exposed online on a misconfigured database. He teamed up with tech firm Comparitech to uncover millions of copies of this data found online with no password or authentication required to access it.
Out of these 235 million accounts, 192 million were Instagram profiles, 42 million were from Tiktok, and four million belonged to YouTube. For each of these exposed accounts, the record contained personal information including a person’s profile name, real name, profile pictures, account description, age, gender, and more. Some of them even contained phone numbers and email addresses.
Although access to this database was shut down within 3 hours of disclosure, it remains unclear how long it was left exposed online. Comparitech warns that if discovered, this data could have been easily used by spammers or malicious attackers for more convincing phishing attacks.
Additionally, even though the data was taken from publicly available profiles, their consolidation into one large database makes it quite attractive for cybercriminals.
Comparitech further added that the evidence they collected suggests a connection with Deep Social, a company that left Facebook and Instagram marketing API once it was threatened by litigation in 2018.
Social Data, a firm that sells data from social media accounts to marketers has denied any such connection even though the original datasets were labeled as “accounts-deepsocial-90” and “accounts-deepsocial-91.”