Nearly 235 million social media profiles from Instagram, TikTok and YouTube exposed in data leak

A database including email addresses and phone numbers of Instagram, TikTok and YouTube users was left exposed on the web, according to a report

Hong Kong-registered Social Data says it only uses publicly available data, but web scraping is strictly against most social media platforms’ terms of use

Reading Time:4 minutes

Web scraping is an automated task that copies data and information from web pages in bulk. Photo: Reuters

Published: 6:07pm, 20 Aug 2020Updated: 10:09am, 21 Aug 2020

A Hong Kong-registered company that sells data on social media influencers has exposed as many as 235 million user profiles scraped from Instagram, TikTok, and YouTube on the web without a password or any other authentication required to access it, according to a report by British research firm Comparitech.

Security researcher Bob Diachenko, who leads Comparitech’s cybersecurity research team, uncovered three identical copies of a database which included names, contact information, images and statistics about followers on August 1, Comparitech said in the report on Wednesday.

The data was from a company called Social Data, which helps businesses “find influencers and get in-depth insights into demographic and psychographic data of influencers and their audience throughout different types of social media on the web”, according to its website.

The vast majority of the profiles were scraped from Facebook-owned Instagram, with the largest data sets including two with data from more than 95 million Instagram profiles each, while at least 42 million records from TikTok and nearly 4 million from Google-owned YouTube were also included in the database, according to the Comparitech report, which added that about one in five records contained either a phone number or email address.

The breach comes at a time when both Western and Chinese social media giants are coming under heavy scrutiny from governments over their data protection policies. Last year, Facebook agreed to pay a fine over the Cambridge Analytica scandal, which involved millions of Facebook users’ personal data being harvested without their consent and used for political campaigns including those related to the 2016 US Presidential Election and the UK’s referendum the same year on leaving the European Union.

TikTok has also been criticised by governments in countries including the US, India and France for its data collection practices. The short video app is now blocked in India and faces a similar ban in the US if it does not divest its American operations within 90 days, US President Donald Trump said last Friday.