Security researchers detected over two million social network user accounts scraped from the internet after they were unintentionally posted online by an analytics firm.
Anurag Sen's team at reviews site SafetyDetectives discovered the data on a misconfigured Elasticsearch server that had been left accessible with no password security or encryption in place.
It instantly traced the 3.6GB trove of over 2.6 million TikTok and Instagram accounts to IGBlade, a company that delivers marketing information on social media users to its clients.
The researchers wrote, “The scraped data of users on the server is the same data that features each user’s corresponding IGBlade.com page, and the database often provides links back to IGBlade,” this is how we know the database belongs to IGBlade.com.”
Although data scraping is not unlawful, and all of the user information in the leaked database was publicly available, it violates TikTok and Instagram's terms of service.
The breach might also benefit cyber criminals, who can use the enormous amount of user information collected in one place to facilitate mass social engineering and fraud schemes.
As per the report, the compromised data was publicly available online for more than a month before the research team discovered it and contacted IGBlade. The Romanian company obtained it on the same day, July 5.
The database contained complete names and usernames, profile images, "about" information, email addresses, phone numbers, and geographical data. Celebrities such as Alicia Keys, Ariana Grande, Kim Kardashian, Kylie Jenner, and Loren Gray have all been caught up in the privacy issue.
According to SafetyDetectives, the disclosure might find IGBlade in hot water with the two social media behemoths.
Furthermore, if thieves had access to the trove, they might utilise it in subsequent phishing attempts and bulk robocalling frauds. They might even utilise the collected profile pictures to build new bogus profiles for disinformation and fraud operations.
SafetyDetectives stated, “Data scraping can make information for thousands or millions of users instantly accessible, as it’s all stored in the same place. For example, navigating logs in a database is a far quicker solution than navigating between each user on a social media site.”
“In this case, cyber-criminals can use data scraping as a cybercrime accelerant rather than an enabler. It can accelerate the speed and scope of hackers’ criminal activities.”
