235M TikTok, Instagram, and YouTube profiles caught up in data breach

By Stephen Warwick
published

The profiles had been extracted through a process called web scraping, and stored without password protection.

YouTube Premium on a Galaxy S9
YouTube Premium on a Galaxy S9 (Image credit: Joe Maring / Windows Central)

YouTube Premium on a Galaxy S9

Source: Joe Maring / iMore (Image credit: Source: Joe Maring / iMore)

What you need to know

  • The profiles of 235M TikTok, Instagram, and YouTube users have been exposed.
  • A database without password protection was discovered containing all the information.
  • It had been collected by a company called Deep Social and stored online without a password.

A new report says that the user profiles of 235M TikTok, Instagram, and YouTube users were exposed in a data breach after the information was collected through web scraping.

According to TNW:

A databased containing scraped data of nearly 235 million social media users from Instagram, TikTok, and YouTube was exposed without any password protection. It contained user information such as names, contact info, images, and stats about followers.Web scraping is a technique of gathering data from web pages in an automated manner. While it's not illegal, social media companies prohibit this practice to protect user data. However, a lot of analytics companies create large databases of user information by using web scrapers on popular sites. Some of these companies often sell insights from these databases to other firms.

According to the report, security researcher Bob Diachenko discovered not one, but three identical copies of the database on August 1. It belonged to a company called Deep Social, which doesn't seem to exist anymore. As the report notes, web scraping isn't illegal, but firms like YouTube, TikTok, and Instagram all have policies prohibiting the practice. They had not commented on the breach at the time of publication. Deep Social, for its part, stated the data collected was all public:

Please, note that the negative connotation that the data has been hacked implies that the information was obtained surreptitiously. This is simply not true, all of the data is available freely to ANYONE with Internet access.

Whilst the individual data of someone on Instagram, TikTok, and YouTube might well be publicly accessible, I'm not sure that's the same as a collated database of 235M people.

Apparently, four major data sets included the details of some 235M users including their profile name, full name, profile photo, age, gender, and stats about how many followers the user had. You can read the full report here.