• About
  • Advertise
  • Privacy & Policy
  • Contact
Thursday, August 18, 2022
  • Login
UK Reporter
  • Home
  • News
    Folkestone Locals Demand Action Over Sewage Leak

    Folkestone Locals Demand Action Over Sewage Leak

    Car Ploughs Into Family On Holiday In Ramsgate Killing Two

    Car Ploughs Into Family On Holiday In Ramsgate Killing Two

    PC Grace Heads To National Police Bravery Awards

    PC Grace Heads To National Police Bravery Awards

    Police Dog ‘Oliver’ Gets Award

    Police Dog ‘Oliver’ Gets Award

    MP Gordon Henderson Wants Two Water Pipes To Supply Sheppey

    MP Gordon Henderson Wants Two Water Pipes To Supply Sheppey

    Police Appeal In Manhunt After Sittingbourne Assault

    Police Appeal In Manhunt After Sittingbourne Assault

    Police Would Like To Speak to Men Linked To New Ash Green Assault

    Police Would Like To Speak to Men Linked To New Ash Green Assault

    Two People Arrested After Murder In Margate

    Two People Arrested After Murder In Margate

    Bird Flu Is Circulating In Kent

    Bird Flu Is Circulating In Kent

    Police Appeal For Three Men Following Trouble In Swanley

    Police Appeal For Three Men Following Trouble In Swanley

    Trending Tags

    • Donald Trump
    • Future of News
    • Climate Change
    • Market Stories
    • Election Results
    • Flat Earth
  • Politics
    Boris Pledges To Dump Lefty Policies In Survival Deal With Tory MPs

    Boris Pledges To Dump Lefty Policies In Survival Deal With Tory MPs

    Keir Starmer Calls For Boris Johnson To Resign

    Keir Starmer Calls For Boris Johnson To Resign

    Boris Attacks Remainer ”Double Standards” As PM Addresses VAT Brexit Claims

    Boris Attacks Remainer ”Double Standards” As PM Addresses VAT Brexit Claims

    Hypocrisy and political manipulation behind the so-called “democracy summit” in the US

    Hypocrisy and political manipulation behind the so-called “democracy summit” in the US

    Brexit: Johnson Strikes New Trade Deal With New Zealand PM, Ardern

    Brexit: Johnson Strikes New Trade Deal With New Zealand PM, Ardern

    Brexit Trade Dispute: UK And EU Continue To Talk But Remain At Odds

    Brexit Trade Dispute: UK And EU Continue To Talk But Remain At Odds

    Trending Tags

    • Business
      Using a Debt Collection Agency post Covid in the UK

      Using a Debt Collection Agency post Covid in the UK

      National Grid to buy US wind and solar energy developer

      National Grid to buy US wind and solar energy developer

      Trump blasts Democratic demands for postal-service money, saying mail-in voting would be ‘fraudulent’

      Trump blasts Democratic demands for postal-service money, saying mail-in voting would be ‘fraudulent’

    • Technology
      Get 3 months of audiobooks for 99p in surprise Audible deal

      Get 3 months of audiobooks for 99p in surprise Audible deal

      Best iPhone 13 case deals this August

      Best iPhone 13 case deals this August

      From Shaun the Sheep to Lego: the weird items aboard Nasa’s latest mission to the Moon revealed

      From Shaun the Sheep to Lego: the weird items aboard Nasa’s latest mission to the Moon revealed

      The five biggest announcements from the Behaviour Beyond showcase

      The five biggest announcements from the Behaviour Beyond showcase

      Out-of-control Chinese rocket crash lands in Indian Ocean as ‘debris lights up the night sky over Malaysia’

      Out-of-control Chinese rocket crash lands in Indian Ocean as ‘debris lights up the night sky over Malaysia’

      Is it illegal to share private WhatsApp messages in the UK?

      Is it illegal to share private WhatsApp messages in the UK?

    • Opinion
    • Sports
      Can You Recognise These Gills Fans?

      Can You Recognise These Gills Fans?

      How to choose a spin bike (3)

      How to choose a spin bike?

      Open Training Session For Tunbridge Wells Reserves

      Open Training Session For Tunbridge Wells Reserves

      Cray Valley Ladies FC Looking For New Players

      Cray Valley Ladies FC Looking For New Players

      Magene MG70 Electromagnetic Indoor cycling bike

      Magene MG70 Electromagnetic Indoor cycling bike

      Millwall FC Plan New Training Complex In West Kingsdown

      Millwall FC Plan New Training Complex In West Kingsdown

      Trending Tags

      • Health
        I delayed my smear test but artificial intelligence gave me a second chance at life

        I delayed my smear test but artificial intelligence gave me a second chance at life

        Claudia Winkleman, Christine Lampard and Tyrone Mings revealed as judges for our Who Cares Wins awards

        Claudia Winkleman, Christine Lampard and Tyrone Mings revealed as judges for our Who Cares Wins awards

        City with UK’s smelliest blokes revealed…and nearly half of them refuse to use deodorant

        City with UK’s smelliest blokes revealed…and nearly half of them refuse to use deodorant

        Davina McCall to host Who Cares Wins awards – and says to get the tissues ready

        Davina McCall to host Who Cares Wins awards – and says to get the tissues ready

        Take these 10 steps to live a longer life – from delaying breakfast to list-making

        Take these 10 steps to live a longer life – from delaying breakfast to list-making

        UK monkeypox cases rise to 2,432 as Brits told ‘check yourself for symptoms before sex’

        UK monkeypox cases rise to 2,432 as Brits told ‘check yourself for symptoms before sex’

        Trending Tags

        • Lifestyle
          Why volumetric concrete is the best choice for smaller scale self-build and DIY projects

          Why volumetric concrete is the best choice for smaller scale self-build and DIY projects

          AVRillo Rated As The Top Conveyancer In London

          rivage sunglasses

          RIVAGEUK: The Best Watches And Sunglasses Brand That Will Take Your Style To The Next Level

          wheelchair accessible vehicle

          Wheelchair Accessible Vehicles: What You Need To Know

          How to Stop a Leaking of Your Pen

          Classy and Unique Designs Of Your Favorite Jewellery | Bespoke Jewellery London

          Classy and Unique Designs Of Your Favorite Jewellery | Bespoke Jewellery London

        • World
        • Lifestyle
        • Press Release
        No Result
        View All Result
        UK Reporter
        No Result
        View All Result
        Home Technology

        235 Million Instagram, TikTok And YouTube User Profiles Exposed In Massive Data Leak

        by pakamin
        August 31, 2021
        in Technology
        Reading Time: 4min read


        The security research team at Comparitech today disclosed how an unsecured database left almost 235 million Instagram, TikTok and YouTube user profiles exposed online in what can only be described as a massive data leak.

        Business card-style security and privacy guides given away on Safer Internet Day to Instagram, TikTok and YouTube users
        235 million social media users warned of phishing risk following data exposure
         
        DPA/PICTURE ALLIANCE VIA GETTY IMAGES

        Recently there has been a spate of reports concerning account data appearing on dark web cybercrime forums. From the dark web audit suggesting there are currently 15 billion stolen logins from 100,000 breaches out there, to the hacker giving away 386 million stolen records for free. Not all of this data will have been hacked, at least not in the usual sense of the word: some, as was likely the case in the Utah Gun Exchange incident, will have been exposed by an unsecured database.

        The unsecured database problem

        Unsecured databases are fast becoming such a huge data protection problem that it’s thought a vigilante security researcher is behind the spate of “Meow” attacks that have overwritten the indexes of thousands of such databases. And it was such an unsecured database that the Comparitech researchers, led by Bob Diachenko, discovered on August 1, leaving the personal profile data of nearly 235 million Instagram, TikTok and YouTube users up for grabs.

        The data was spread across several datasets; the most significant being two coming in at just under 100 million each and containing profile records apparently scraped from Instagram. The third-largest was a dataset of some 42 million TikTok users, followed by just under 4 million YouTube user profiles.

        Comparitech says that, based on the samples it collected, one in five records contained either a telephone number or email address. Every record also included at least some, sometimes all, the following information:

        • Profile name
        • Full real name
        • Profile photo
        • Account description

        Statistics about follower engagement, including:

        • Number of followers
        • Engagement rate
        • Follower growth rate
        • Audience gender
        • Audience age
        • Audience location
        • Likes
        • Last post timestamp
        • Age
        • Gender

        “The information would probably be most valuable to spammers and cybercriminals running phishing campaigns,” Paul Bischoff, Comparitech editor, says. “Even though the data is publicly accessible, the fact that it was leaked in aggregate as a well-structured database makes it much more valuable than each profile would be in isolation,” Bischoff adds. Indeed, Bischoff told me that it would be easy for a bot to use the database to post targeted spam comments on any Instagram profile matching criteria such as gender, age or number of followers.

        Tracing the source of the leaked data

        So, where did all this data originate? The researchers suggest that the evidence, including dataset names, pointed to a company called Deep Social. However, Deep Social was banned by both Facebook and Instagram in 2018 after scraping user profile data. The company was wound down sometime after this.

        A Facebook company spokesperson told me that “scraping people’s information from Instagram is a clear violation of our policies. We revoked Deep Social’s access to our platform in June 2018 and sent a legal notice prohibiting any further data collection.”

        Once the researchers found the database and the clues to its origin, “we sent an alert to Deep Social, assuming the data belonged to them,” Bischoff says. The administrators of Deep Social then forwarded the disclosure to a Hong Kong-registered social media influencer data-marketing company called Social Data. “Social Data shut down the database about three hours after our initial email,” Bischoff says.

        Social Data responds to the database exposure incident

        Social Data has denied any connection between itself and Deep Social, according to the Comparitech report. It should also be made clear that the data leaked, social media public profile data is available to anyone who visits the accounts of the users concerned. However, the phishing risk is clearly amplified once such a hoard of profiles is collected together in a well-structured database. It isn’t known at this time how long the database was exposed without a password before the August 1 discovery. The Comparitech report points out that: “Our honeypot experiments show that hackers can find and attack unsecured databases within hours of being exposed.”

        I reached out to Social Data, and a spokesperson provided the following statement:

        “We collect data and enrich it with additional useful insights solely on behalf of our reputable customers, who use it strictly for the intended purposes. It is extremely sad that this incident has occurred due to a mixture of unfortunate events. However, as soon as we learned of the incident, we fixed it immediately. We have since been closely working with the information security experts on auditing our security infrastructure and increasing the required levels of information security to avoid similar occurrences in the future.”

        I have also reached out to TikTok and Google GOOGL -0.7%, who, at the time of publication, were both still looking into the matter and unable to provide a statement. I will, of course, update this story if this changes.

        Advice for concerned Instagram, TikTok and YouTube users

        Meanwhile, I would advise users of all the services affected, Instagram, TikTok and YouTube, to be especially alert to phishing scams by email or posted as social media comments.

        Meanwhile, if your company has any databases “in the cloud” then I would strongly recommend you audit the access permissions and make sure these are not open to anyone who comes looking. Elastic has an excellent guide to securing Elasticsearch deployments.

        Original Source

        The post 235 Million Instagram, TikTok And YouTube User Profiles Exposed In Massive Data Leak appeared first on Trax News.



        Source link

        Related Posts

        Get 3 months of audiobooks for 99p in surprise Audible deal

        Get 3 months of audiobooks for 99p in surprise Audible deal

        SOME of the best deals you’ll find on Amazon are on its very own products and services. Here’s the...

        Best iPhone 13 case deals this August

        Best iPhone 13 case deals this August

        DROPPING your £1000 phone on the gravel driveway is a heart stopping moment but trustworthy phone cases can ease...

        From Shaun the Sheep to Lego: the weird items aboard Nasa’s latest mission to the Moon revealed

        From Shaun the Sheep to Lego: the weird items aboard Nasa’s latest mission to the Moon revealed

        SHAUN the Sheep has been revealed as the first ‘astronaut’ to fly on Nasa’s next big Moon mission. The...

        Popular

        • Folkestone Locals Demand Action Over Sewage Leak
        • Get 3 months of audiobooks for 99p in surprise Audible deal
        • Car Ploughs Into Family On Holiday In Ramsgate Killing Two
        • Best iPhone 13 case deals this August
        • UK Trials Roadside Van That Detects If Drivers Are Holding Their Phone
        • PC Grace Heads To National Police Bravery Awards
        • From Shaun the Sheep to Lego: the weird items aboard Nasa’s latest mission to the Moon revealed
        • Paramount+ Hits 43 Million Subscribers As Streaming Rivals Struggle
        • Police Dog ‘Oliver’ Gets Award
        • The five biggest announcements from the Behaviour Beyond showcase
        • About
        • Advertise
        • Privacy & Policy
        • Contact

        Copyright © 2021 UK Reporter.co.uk.

        No Result
        View All Result
        • Home
        • News
        • Politics
        • Business
        • Technology
        • Opinion
        • Sports
        • Health
        • Lifestyle
        • World
        • Lifestyle
        • Press Release

        Copyright © 2021 UK Reporter.co.uk.

        Welcome Back!

        Login to your account below

        Forgotten Password?

        Create New Account!

        Fill the forms below to register

        All fields are required. Log In

        Retrieve your password

        Please enter your username or email address to reset your password.

        Log In