YouTube, Instagram, TikTok: 235 million accounts leaked to the network




A database with personal information about 235 million users of Instagram, TikTok, and YouTube was publicly available without any protection. Names, contacts, photos, and statistics about followers were found in it. It is reported that this database was created using the so-called web scraping — a technique for automatically collecting information from various web pages.





Cybersecurity researchers have found an unprotected database on the network containing the personal information of 235 million Instagram, TikTok, and YouTube users, according to information security company Comparitech.

Every fifth record from the merged database contained the user's email or phone number. In addition, in all entries, without exception, one could find the account name, the real name of the user, his photo, and profile description. Detailed statistics about followers were also available, including a breakdown by age, gender, geolocation, and other indicators.

“This information will be the most valuable for spammers and cybercriminals conducting phishing campaigns. Even though the data is publicly available, the fact that it has been merged into a well-structured database makes it much more valuable than each profile individually, ” said Comparitech editor Paul Bischoff.


Indeed, the data in question was publicly available on the Internet before being merged into a separate database. They were collected as a result of the so-called web scraping — a technique for automatically collecting information from various web pages for further use. Although web scraping is legal, many internet companies prohibit the practice to protect their own users.





The data collected as a result of web scraping is used by statistical companies for their own projects or resale to other companies.

However, as Bischoff rightly pointed out, a whole database that is openly available in an insecure form without a password is a serious cybersecurity threat.


Comparitech lead researcher Bob Dyachenko was able to establish that the database in question had previously belonged to Deep Social, which had already ceased to exist. It is known that earlier she was caught in web scraping of these services, which prohibited such collection.

“Collecting data from Instagram is a clear violation of our policies. We restored Deep Social's access to our platform in June 2018 and sent them an official notice to ban further data collection, ” a Facebook spokesman said in a comment for Forbes.

“TikTok prioritizes user privacy. Our policies prohibit third parties from running automated scripts to collect information from our services, including information that is publicly available. If we identify any such practice, we will immediately take action, including with the help of the court, ”- said the press service of TikTok.

Google, which owns YouTube, was unable to provide a prompt comment.

The problem of voluminous publicly available databases became so acute that nameless heroes began to appear, removing them from the Internet. For example, in July, an unusual hacker attack was recorded — attackers hacked over a thousand unprotected archives with information, and then erased them, leaving only lines of random numbers and the word “meow” in place of the deleted information.





Views: 137

TAGS: TECHNOLOGIES

Add a comment!

Your name:
Your Email:
  • bowtiesmilelaughingblushsmileyrelaxedsmirk
    heart_eyeskissing_heartkissing_closed_eyesflushedrelievedsatisfiedgrin
    winkstuck_out_tongue_winking_eyestuck_out_tongue_closed_eyesgrinningkissingstuck_out_tonguesleeping
    worriedfrowninganguishedopen_mouthgrimacingconfusedhushed
    expressionlessunamusedsweat_smilesweatdisappointed_relievedwearypensive
    disappointedconfoundedfearfulcold_sweatperseverecrysob
    joyastonishedscreamtired_faceangryragetriumph
    sleepyyummasksunglassesdizzy_faceimpsmiling_imp
    neutral_faceno_mouthinnocent
The code:
Кликните на изображение чтобы обновить код, если он неразборчив
Enter a code: