Chinese Company Leaks Social Media Users Data
SafetyDetectives, a cybersecurity firm has spotted this exposed Elasticsearch database on December 12th, in their routine of scanning vulnerable IP addresses. They got their hands on this since the Chinese company, Socialarks hasn’t safeguarded the database with any password. These common misconfiguration mistakes are being made by almost every tech company, and gives hackers the chance to exploit them! Socialarks by work is a data scraping company, which claims itself in the social media management space and handles the collection and marketing of such data. The database it exposed reveals about 408GB worth of data, which contains over 318 million records belonging to over 214 million people. From the analysis made by SafetyDetectives, they found that most (or all) of this data belongs to users from Facebook, Instagram, and LinkedIn. Also Read- TikTok, Instagram and YouTube Users Records Exposed Online Classifying further, there are about 11.6 million profiles of Instagram users, 66.1 million LinkedIn, and 81.5 million Facebook users. There were also additional 55.3 million Facebook records that were subsequently deleted after being spotted. Surprisingly, these numbers are the same as the data breach that Socialarks faced in August 2020, and hasn’t changed much. The affected server was hosted by Tencent, which leaked the database containing profiles of not just the normal users, but also about famous personalities on various social media platforms. The PII consisted of full names, profile links, email addresses, a profile description, location, job roles, associated company details, followers/following count, profile pictures, etc. While some included more, some had less and partially filled. What’s more intriguing is that Socialarks has even listed the data of contact detail like phone numbers of users who held their accounts private! How it gathered this information is unknown and disputed of what tool it has used for that. Also, it’s unknown that anyone has accessed this database before being spotted by SafetyDetectives. Yet, Socialarks has secured the database the same day (December 24th, 2020) of informing but didn’t return any comment on reporting.