A major security breach has exposed the Internet a database with more than 400 GB of information that included the personal data of at least 214 million people, including very popular celebrities and influencers on Social Media.
The database belonged to a Chinese social media company that already suffered another security hole in the summer of 2020
The database belonged to the Chinese social media management company Socialarks, as reported by SafetyDetectives in a publication made on its corporate blog after identifying the owner of the database and alerting him of the security breach. Apparently the database was on the ElasticSearch search server, without any protection, and included information from at least 214 million users of social networks around the world.
According to the publication, the server exposed all the information in the database without encryption or protection by passwords, as they could see during their routines of checking IP addresses and databases without security. This means that anyone who had knowledge of the IP address of the server where the database was located, could have access to the personal information of users.
The database, with 408 GB of information and more than 318 million records corresponding to 214 million people, was composed of data obtained by performing “web scrapping” on social networks such as Facebook, Instagram and LinkedIn. According to the rules of use of these three social networks, scrapping your data (copying large amounts of information accessible or not from their servers) is an illegal practice.
Among the data that were in the database are the full names of the users, country of residence, place of work, profession … and even contact information that had never been publicly offered in their profiles on social networks, so they are not has been able to determine how they were obtained for the database. In total, there was information on more than 11 million Instagram profiles, 66 million LinkedIn profiles, and 81 million Facebook profiles.
It is not known whether anyone was able to access the exposed database without security or what they were able to do with the information they might have obtained from it. It should be noted that the Chinese company Socialarks already suffered another data leak from LinkedIn, Facebook and Instagram users last August, although in this case 150 million accounts were affected.