A Chinese social media management firm named Socialarks, which scrapes data from social platforms, has exposed the data of over 200 million Instagram, Facebook, and LinkedIn users after its entire 408 GB dataset leaked online. The security incident resulted from a “typical” ElasticSearch server misconfiguration: the server was set to public access without password protection.
As the data it contained wasn’t encrypted, anyone with a web browser could access it. The instance was discovered by researcher Anurag Sen and the cybersecurity team at Safety Detectives.
Socialarks has been scraping public profiles from various platforms since 2014, when it came into existence. This data collection aimed to help with brand building, marketing, social customer management, etc.
The exposed set doesn’t contain only public data but also things that are hidden from public view or aren’t even provided to the platforms upon the creation of an account. Finding them bundled together and with linkage pointers between different platforms is great for scammers, spammers, and account hackers.
In detail, the researchers have found the following in the exposed server:
A further 55,300,000 Facebook profiles were also discovered, but that set was promptly deleted a few hours after the team discovered the server. So, this subset deserves a special categorization as it may have evaded hacker access.
As for the individual profile entries, these included the following details:
Clearly, not all of the entries are populated with all of the above, as some are platform-specific. Also, there are users from quite a few countries in the dataset, with the majority being from the United States, the UK, India, Italy, Brazil, Australia, and Russia.
Finally, the leak includes high-profile celebrities and social media influencers (on Instagram) with a particularly high number of followers, and for these people, the chances of running into hacker trouble now that their details have leaked are much higher.
From now on, beware of scam attempts, messages informing you that you need to take action with your accounts, and even malware distribution campaigns. The chances of this data not having been exfiltrated by malicious actors are already slim, so treat the aforementioned information as compromised.