Breach Brief – Medical Records, Instagram, TikTok

Breach Brief – Medical Records, Instagram, TikTok

Instagram & TikTok

Security researchers have found over two million records belonging to TikTok and Instagram social media users profiles scraped from the internet. The records were discovered after they were unwittingly exposed online by an analytics firm. Scraping is a common and sneaky practice where a computer program extracts data from output generated from another program. Data scraping is the process of using an application to extract valuable information from a website.

The haul of 2.6 million TikTok and Instagram users was quickly traced to IGBlade, a firm that provides marketing insights on social media users for its customers.

“The scraped data of users on the server is the same data that features each user’s corresponding IGBlade.com page, and the database often provides links back to IGBlade,” the researchers wrote. “This is how we know the database belongs to IGBlade.com.” The scraping of TikTok and Instagram data could land IGBlade.com in trouble with the two social media giants. Information scraped or stolen from websites can be used in various scams and identity theft.

The exposed data included full names and usernames, profile pictures, “about” details, email addresses, phone numbers and location data. Celebrities including Alicia Keys, Ariana Grande, Kim Kardashian, Kylie Jenner, and Loren Gray were also caught up in the data breach.

Medical Records

TechRadar.com reported a database containing millions of healthcare records and realted medical data has reportedly been discovered by security researcher Jeremiah Fowler and the Website Planet research team. The database was not password protected.

Medical records containing U.S. patient IDs, physician notes and other detailed medical data on patients were found exposed.  While some of this data was encrypted, the notes and information on physicians were in plain text.

The physician notes found in the database contains intimate details of patient illnesses, treatments, medications, family, social and even emotional issues. In addition to being very complete descriptions, Fowler and the Website Planet research team were surprised by just how many small details were included in these notes.

Who does this information belong to? Fowler and the Website Planet research team discovered multiple references to Deep6.AI including internal emails and usernames. Deep6.AI’s software finds patients who better match the criteria for medical trials in a fraction of the time it normally takes. Their reaction after being notified of the exposed data was to place restrictions on the database and issue the following statement;

“Despite recent claims, no personal or patient health data was accessed, leaked or at risk from a Deep 6 AI proof-of-concept database.

In August, a security researcher accessed a test environment that contained dummy data from MIT’s Medical Information Mart of Intensive Care (MIMIC) system, an industry standard source for de-identified health-related test data. To confirm, no real patient data or records were included in this ephemeral test environment, and it was completely isolated from our production systems.

Based on current reporting, we have confirmed that the recent claims reference MIMIC data, and there was no access to real patient records. When the researcher notified us in August, we immediately secured the test environment to ensure there was no further concern.

Data security and privacy is a top priority at Deep 6 AI, and the responsibility to protect data is at the core of our business and top-of-mind for all our people.”