Breach Brief – TikTok, Instagram, YouTube

Published On August 26, 2020 | By Tom Huskerson | Breach Briefs

An exposed database was found online that contained data for nearly 235 million users of TikTok, Instagram, and YouTube. The database contained personally identifiable information (PII), including names, contact information, images and statistics about followers. As a matter of fact, according to security researcher Bob Diachenko, who leads Comparitech’s cybersecurity research team, three identical copies of the exposed data were found hosted at three separate IP addresses.

The information was believed to have been scraped from TikTok, Instagram and YouTube. Here is the breakdown:

  • 96,714,241 records scraped from Instagram
  • 95,678,713 records scraped from Instagram
  • 42,129,799 records scraped from TikTok
  • 3,955,892 records scraped from YouTube

These records contain the following information:

  • Profile name
  • Full real name
  • Profile photo
  • Account description
  • Whether the profile belongs to a business or has advertisements
  • Statistics about follower engagement, including:
    • Number of followers
    • Engagement rate
    • Follower growth rate
    • Audience gender
    • Audience age
    • Audience location
    • Likes
  • Last post timestamp
  • Age
  • Gender

Now here is where the story gets just slightly twisted. Based on the evidence, much of the data seems to be the leftover remnants of a now-defunct company called Deep Social. Based on this, Diachenko contacted Deep Social using the email address listed on its website to disclose the exposure. The administrators of Deep Social forwarded the disclosure to Social Data. The CTO of Social Data acknowledged the exposure, and the servers hosting the data were taken down about three hours later. Remember that. It's important.

Now, according to the report, Facebook and Instagram banned Deep Social from their marketing APIs in 2018 and threatened legal action against the company if it continued to scrape data from their users’ profiles. Deep Social reduced its operations and eventually went under. According to Comparitech, Social Data denies any connection between itself and Deep Social. If that is so, then why did the Deep Social representative refer Diachenko to Social Data? And how was Social Data able to remove the database?

An email from Social Data to Diachenko stated: “Please, note that the negative connotation that the data has been hacked implies that the information was obtained surreptitiously. This is simply not true, all of the data is available freely to ANYONE with internet access. I would appreciate it if you could ensure that this is made clear. Anyone could phish or contact any person that indicates telephone and email on his social network profile description in the same way even without the existence of the database. Social networks themselves expose the data to outsiders – that is their business – open public networks and profiles. Those users who do not wish to provide information, make their accounts private.” But remember, Social Data has no link to Deep Social. Go figure.
