SocialArks data breach has left over 200 million social media users’ personal and professional records exposed

A Chinese data-management firm SocialArks’ proclaims itself to be a “cross-border social media management company that solves the problems of brand building, marketing, social customer management in China’s foreign trade sector.” This company has recently become a target of cybercrime when personal and public details of about more than 214 million social media platforms including Facebook, Instagram, and LinkedIn users, which may include celebrities, and influencers got leaked through a faulty database and server.

SocialArks’ owns a database called ElasticSearch, and this misconfigured database contained personally identifiable information of users from social media platforms. Researchers at Safety Detectives found the affected server, which is hosted by Tencent during a routine security check.

As per the researchers, this server that got exposed on the internet without any security key, encryption, or passwords has all the data saved in segmented indices to save all the information from different social media sources.

The researchers found out that all the users’ data that was present on that server in the affected database was all scraped from various social media platforms. While web-scraping is allowed to some extent, platforms like Facebook, LinkedIn, Instagram, etc. do not allow it. Hence, this was a violation of the guidelines of these social platforms too.

Out of 318 million total records, around 11651162 user profiles were collected from Instagram, while 66117839 profiles came from LinkedIn users. Almost 81551567 profiles were from Facebook users. An additional 55300000 Facebook profiles were also there but they were deleted after a little while when the exposed server was found out.

All of this data included biographies, phone numbers, email addresses, the total number of followers, comments, most used hashtags, etc. Whatever activity these users were doing on their social platforms, some of that information was present in this database and it was all scrapped.

The problem is that whenever data from social media is scraped, it is inadvertent that some of the sensitive information also gets leaked. While it is important to use social networks sensibly without giving out too much of your private information, it is still a vulnerable thing and basically fortifies the fact that if something ever goes online in the data cloud, it remains there and never gets deleted.

However, people need to be careful about their information and the apps and sites that they allow to gather their data for ad targeting or other marketing purposes.

The SocialArks’ data contained private phone numbers and email addresses of social media users, celebrities, and influencers that they do not reveal on their social platforms. Now, this is where the mystery begins. If SocialArks’ was scraping all that data from the social sites, how did it manage to get its hands on the private data that was not available on those social sites? Does SocialArks’ use some other ways too to gather all the private information? And if it does, why it did not keep it all secure? Why was the breach even possible and why had SocialArks’ not taken enough measures to protect the public and private data of all these 318 million users?

Photo: monsitj / Getty /iStock

Read next: JustGetMyData Provides Users With A Decent Database Of URLs Highlighting Their Online Information
Previous Post Next Post