Chinese start-up Socialarks suffered a massive data breach, exposing more than 400GB of personal data, including several high-profile celebrities and social media influencers, according to Safety Detectives.
According to Anurag Sen, head of Safety Detectives cybersecurity team, the company’s unsecured ElasticSearch database, without password protection or encryption, contained personally identifiable information (PII) from at least 214 million (408GB) social media users from around the world, using both populist consumer platforms such as Facebook and Instagram, as well as professional networks such as LinkedIn.
The lack of password protection or encryption on the server meant that anyone in possession of the server IP-address could have accessed the database containing millions of people’s private information.
The cybersecurity team determined the data was “scraped” from social media platforms. Data scraping is a means of extracting private information from a website.
The database contained:
- 11,651,162 Instagram user profiles
- 66,117,839 LinkedIn user profiles
- 81,551,567 Facebook user profiles
- a further 55,300,000 Facebook profiles which were summarily deleted within a few hours after our team first discovered the server and its vulnerability.
This is not the first data breach affecting Socialarks: In August 2020, the company leaked a database exposing 150 million LinkedIn, Facebook and Instagram users. This latest security incident was a “carbon copy” of the August 2020 breach, says Safety Detectives.
Source: https://www.securitymagazine.com/articles/94327-million-facebook-instagram-and-linkedin-users-scraped-data-exposed