Socialarks, a Chinese social media management company, recently suffered a massive data breach that exposed over 400GB of users’ personally identifiable information (PII).
According to researchers from Safety Detectives, an unsecured ElasticSearch database leaked the personal data of over 214 million social media users globally, including celebrities and social media influencers. The database was left online without password protection, allowing anyone in possession of the server's IP address to access it.
The researchers found that the exposed data was illegally scraped from various social media profiles on Facebook, Instagram, and LinkedIn.
What Data are Exposed?
While the researchers found 318 million records in the exposed 408GB data dump, the exact number of affected users remains unknown. The leaked database contains:
- More than 11 million Instagram user profiles, including names, phone numbers, usernames, profile pictures, email addresses, average comment count, number of followers and following count, country of location, frequently used hashtags, and locations
- Nearly 82 million Facebook profiles, including full names, contact details, email addresses, Messenger IDs, Like, Follow and Rating count, Facebook link with profile pictures, website link, profile description, and pictures
- Around 66 million LinkedIn user profiles containing full names, email addresses, employment details, job profile including job title and seniority level, LinkedIn profile link, user tags, domain name, connected social media account login names, company name, and revenue margin
What’s the Impact?
Cybercriminals often exploit scraped or leaked content for various malicious operations. “In some cases, scraped data can be weaponized to carry out a specific goal of extracting personal information for criminal purposes. Potential ramifications of exposing personal information include identity theft and financial fraud conducted across other platforms including online banking. Contact information can be harnessed to target people with targeted scams including sending personalized emails containing other personal information about the target, thereby gaining their trust, and setting the stage for a deeper intrusion into their privacy,” Safety Detectives said.
What is Data Scraping?