tech

Data of 235 million Instagram, TikTok, YouTube users exposed without password protection

This database contained user information like users' names, contact information, images and statistics about followers.

Scraped data comes from a technique called web scraping that gathers data from web pages in an automated manner. Web scraping is not illegal but social media companies prohibit this practice to protect user data.
Scraped data comes from a technique called web scraping that gathers data from web pages in an automated manner. Web scraping is not illegal but social media companies prohibit this practice to protect user data. (Pixabay)

A massive database with scraped data from almost 235 million Instagram, TikTok and YouTube users has been exposed without any password protection. According to reports, this database contained user information like names, contact information, images and statistics about followers.

Scraped data comes from a technique called web scraping that gathers data from web pages in an automated manner. Web scraping is not illegal but social media companies prohibit this practice to protect user data. 

A lot of analytics companies, however, create massive databases of user information by using web scrapers on popular sites and sell insights collected from these databases to other firms.

The Next Web reports that Bob Diachenko, lead researcher at security first Comparitech, found three identical copies of the database on August 1. According to Diachenko and his team, this data belonged to a company called Deep Social that is now defunct.

When Comparitech reached out to Deep Social, the request was forwarded to a Hong Kong-based firm called Social Data. Social Data acknowledged the breached and then closed access to the database. Social Data, however, denied having any links with Deep Social.

In a statement, the Social Data spokesperson said that all the data was public and had not been collected “suspiciously”

However, the likes of YouTube, Instagram and TikTok prohibit web scraping practices.

The scraped data on the exposed database contained four major datasets with details of millions of users from TikTok, Instagram and YouTube. This included information like profile name, full name, profile photo, age, gender and follower statistics. Data of this sort is usually used for spam and phishing campaigns.