In an e-mail to Diachenko included in Comparitechs blog site post on the matter, Social Data tried to defend the practice of web scraping while also making the point that the database, which was left online without a password to secure it, was not hacked, saying:
” Please, note that the unfavorable connotation that the information has been hacked indicates that the info was obtained surreptitiously. This is simply not real, all of the data is offered easily to ANYONE with Internet access. I would value it if you might make sure that this is explained. Anybody might phish or get in touch with any person that suggests telephone and e-mail on his social network profile description in the same method even without the presence of the database. Social media themselves expose the information to outsiders– that is their company– open public networks and profiles. Those users who do not wish to supply info, make their accounts personal.”
Diachenko and his group discovered three similar copies of the database which were hosted at 3 different IPV6 addresses. Of the nearly 235m social networks profiles in the database, 191m records were scraped from Instagram, 42m were scraped from TikTok and nearly 4m were scraped from YouTube.
Each of the entries in the database includes a wealth of details on the users of these services whose information was scraped including their profile name, real name, profile picture, age, gender, engagement statistics and more.
While scraping user data from social networks websites is not illegal, stopping working to protect this data after it has been collected poses a serious risk to the affected users as cybercriminals could utilize the info from the database to target them online.
When the group connected to the now-defunct company, its demand was forwarded to a Hong Kong-based company called Social Data. While Social Data rejected having any connection to Deep Social, the firm did acknowledge the breach and had the ability to secure the exposed database with a password.
Security researchers have actually discovered an exposed database online which contains scraped information from the social networks profiles of almost 235m Instagram, TikTok and YouTube users.
For those unknown with the practice, web scraping is an automated method utilized to gather data from sites that is often employed by analytics companies who utilize it to develop big databases of user info. Although the practice is legal, it is strictly restricted by social media companies as it puts the privacy of their users and their data at risk.
Comparitechs lead researcher Bob Diachenko found 3 similar copies of the exposed database online at the beginning of August. After analyzing the database, Diachenko and his group found out that it came from a company called Deep Social which has actually shut down its operations.
Via The Next Web
” Please, note that the unfavorable undertone that the information has been hacked implies that the information was acquired surreptitiously. Anybody might phish or contact any individual that suggests telephone and email on his social network profile description in the very same way even without the presence of the database. Social networks themselves expose the data to outsiders– that is their company– open public networks and profiles.