Comparitech specialists found an exposed database containing almost 235 million profiles of Instagram, TikTok and YouTube users.
The database belongs to Social Data and contains a large amount of information, including login, real name, avatar and profile description. One in five records contains a phone number or email address.
The data are stored in four datasets, two of which hold more than 90 million Instagram profiles each, another 42 million TikTok accounts, and the last 3.9 million YouTube accounts.
Researchers suggested that much of the data was originally gathered by the now-defunct Deep Social. The Instagram dataset names — accounts-deepsocial-90 and accounts-deepsocial-91 — hint at this.
Social Data closed access to the database about three hours after Comparitech researchers alerted them. Experts do not know how long the data had been exposed. They believe that hackers locate and attack unsecured databases within a matter of hours.
Comparitech noted that the information contained in the database could be useful for organisers of marketing and phishing campaigns. Profile data could also be used by scammers to create fake accounts.
The database contains information publicly accessible online, but its danger lies in the aggregation of a large volume of data, experts stressed.
Earlier, hackers from Anonymous accused TikTok of mass surveillance of users and the transfer of data to Chinese authorities.
Follow ForkLog news on Twitter!