The unsecured cloud database properly exposed personal information for more than 235 million TikTok accountsInstagram AndThe YouTube.
The Hong Kong-based company (Social Data) was (unintentionally) storing the data in a database without proper password protection, which means that anyone can access it and see it, which is very sad for a company of this size .
Cybersecurity firm Comparitech discovered the vulnerability and reported it to Social Data, which fixed it right away – but others with malicious intent may have found it.
Comparitech says The database has stored the following information for the affected accounts:
- Account name.
- Full real name.
- profile picture.
- Account description.
- Whether the profile belongs to a company or has ads.
- Statistics on follower engagement, including: Number of followers; Participation rate; Follower growth rate, audience type, audience age, and audience location.
- The timestamp of the last post.
It has also maintained phone numbers and email addresses for at least 20 percent of the accounts listed above.
Why is this breach so big for TikTok, Instagram, and YouTube accounts?
Large-scale data breaches are common, but this specific case is different: the fact that the information was kept in an incorrectly secured database was a problem, but in this case, all the information was publicly available instead of putting in private passwords or locking out data. Financial. This means that accessing the saved data is less of a hack and more of a general data security mistake – although it is a very fatal mistake – considering the diversity of information that the database consolidates into one location.
Look at it this way: Knowing a person’s full name and email isn’t enough to hack their accounts – you can find this using Google search and some social media experts – and companies know this. But having a person’s name, email, phone number, account names, street address, age, and mail history all in one place creates a convenient basis for identity theft.
What should you do now?
It’s important to always update the security of your account in response to leaks on TikTok, Instagram and YouTube – including your passwords – and we encourage you to do so if you are concerned about social media slips. This is also an excellent reminder to anonymize your data whenever possible.
We are not saying you need to delete your accounts or make everything private, but the more connected you are to the internet, the more security you need.
Even if you’re nice to people who know your first name in theory, if someone can match that name to an email or phone number, they can match the password, and it might even be leaked.
The hacked social data database is one of those unexpected cases of badly processed user data which can hand your information to the wrong people. Ultimately it is up to the users to keep them safe.
Track the data that social media platforms collect about you and block as much personal information as possible.You can even use a different name, email address, or other false identifying information when creating new accounts.
If the website requires information like your date of birth or street address, make sure it is not visible to the public, or just fabricate it. The less companies know about you, the better; Don’t give them more information than the basics you need to use the service, and it will be difficult to tie your digital life together when a breach like this happens again.