Chinese start-up leaks 400GB of scraped data exposing over 200 million Facebook, Instagram and LinkedIn users
Israel-based research lab The Safety Detective revealed the leak by social media management company Socialarks which included personal data of several high-profile celebrities and social media influencers
Chinese social media management company Socialarks has suffered a huge data leak leading to the exposure of over 400GB of personal data including several high-profile celebrities and social media influencers, Israel-based research lab The Safety Detective revealed on Monday.
According to Safety Detectives, which runs the world’s largest antivirus review website, Socialarks' unsecured ElasticSearch database contained personally identifiable information (PII) from at least 214 million social media users from around the world, using both popular consumer platforms such as Facebook and Instagram, as well as professional networks such as LinkedIn.
"The Elastic instance was discovered as part of Safety Detectives’ cybersecurity mission of discovering online vulnerabilities that could potentially pose risks to the general public," wrote Jim Wilson, Security Researcher in the Safety Detective research team. "Once the owner of the data is identified, our team then informs the affected parties as soon as possible to mitigate the risk of any cybersecurity breaches and server leaks."
Safety Detectives' team found the ElasticSearch server to be publicly exposed without password protection or encryption, during routine IP-address checks on potentially unsecured databases.
"The lack of security apparatus on the company’s server meant that anyone in possession of the server IP-address could have accessed a database containing millions of people’s private information," added Wilson.
According to Anurag Sen, head of the Safety Detectives cybersecurity team, the affected database contained a “huge trove” of sensitive personal information to the tune of 408GB and more than 318 million records in total.
Safety Detectives' research team was able to determine that the entirety of the leaked data was “scraped” from social media platforms, which it highlighted as being both unethical and a violation of Facebook’s, Instagram’s and LinkedIn’s terms of service.
Socialarks suffered a similar data breach in August 2020 leading to data from 150 million LinkedIn, Facebook and Instagram users being exposed.
Socialarks is headquartered in both Shenzhen and Xiamen, and according to the company, it is a “cross-border social media management company dedicated to solving the current problems of brand building, marketing, marketing, social customer management in China’s foreign trade industry."