Hundreds of millions of people have been hit by a large-scale data breach, with high-profile celebrities and influencers among those reportedly impacted. At least 214 million accounts for Facebook, Instagram and job networking site LinkedIn have been affected, according to researchers. Data that was targeted included e-mail addresses, phone numbers as well as users’ full names and – in some cases – specific location data.
The huge data breach was discovered by researchers at Safety Detectives, who outlined their findings in a post online. The report says over 400GB of personal data was stolen from Chinese social media management company Socialarks.
The firm’s unsecured ElasticSearch database was targeted, with more than 318 million records being seized. Safety Detectives said this database was created after user data was “scraped” from Facebook, Instagram and LinkedIn.
This practice is in violation of these tech giants’ terms of service.
However, if there is a silver lining, it is that sensitive information such as passwords or financial information has not been divulged in the data breach.
Researchers did say, though, that the Socialarks database included information that wasn’t publicly available on user accounts. They said: “Socialarks’ database contained scraped data including personal information, albeit user data was partially completed.
“However, according to our findings, Socialarks’ database stored personal data for Instagram and LinkedIn users such as private phone numbers and email addresses for users that did not divulge such information publicly on their accounts. How Socialarks could possibly have access to such data in the first place remains unknown.”
Safety Detectives said they discovered the database vulnerability last month, and contacted Socialarks as soon as they confirmed the Hong Kong-based firm were the server owners. The server was secured on the same day.
Discussing the threat that now faces users whose data was in the leaked database, Safety Detectives said: “In some cases, scraped data can be weaponised to carry out a specific goal of extracting personal information for criminal purposes. Potential ramifications of exposing personal information include identity theft and financial fraud conducted across other platforms including online banking.
“Contact information can be harnessed to target people with targeted scams including sending personalised emails containing other personal information about the target, thereby gaining their trust, and setting the stage for a deeper intrusion into their privacy.”
They added: “Sharing personal information such as first and last name, physical and email address and mobile phone number can be weaponised by nefarious hackers to launch ‘mass attacks’.”
Advising social media users on how to stay safe online, the antivirus review website offered a number of pointers, including making sure the site you’re on uses the secure HTTPS protocol, creating secure passwords that combine letters, numbers and symbols, and being wary about e-mails you receive and what links you click on in these messages.
Published at Thu, 14 Jan 2021 06:01:00 +0000