FACEBOOK and Instagram fans have been put on high alert after a massive data breach exposed the personal data of 200million people.
The leak, which also affected users of networking app LinkedIn, included “personally identifiable” details of several A-list celebs and influencers.
3
According to cyber security buffs at Safety Detectives, hackers got hold of the data through Chinese social media management company Socialarks.
In total, more than 400 Gigabytes of data was scraped by the company and stored in an unsecured server operated by the high-flying start-up.
It’s unclear whether hackers accessed the database before it was locked down last month.
If they did, users are at risk of financial fraud and identity theft alongside multiple other threats.
3
“The company’s unsecured ElasticSearch database contained personally identifiable information from at least 214million social media users from around the world,” researcher Jim Wilson wrote in a blog post on Monday.
“Our team found the server to be publicly exposed without password protection or encryption.”
The data included details from more than one million Instagram profiles, 81million Facebook accounts and 66million LinkedIn users.
A further 55million Facebook profiles were also exposed, though data from these accounts was deleted within a few hours of the discovery, Wilson said.
“The lack of security apparatus on the company’s server meant that anyone in possession of the server IP-address could have accessed a database containing millions of people’s private information,” he added.
The Socialarks server contained private data scraped from people’s profiles.
Data scraping is a means of using special software to hoover up information from a website. It is banned by Facebook and Instagram’s terms of service.
3
Scraped data included people’s names, profile pictures, follower counts, location settings as well as contact information in the form of email addresses and phone numbers.
Data hoarding often involves the collection of publicly available data, such as your name or age.
Researchers do not know how Scoailarcs got hold of private information – such as contact details – that are usually hidden on people’s profiles.
“Socialarks’ database stored personal data for Instagram and LinkedIn users such as private phone numbers and email addresses for users that did not divulge such information publicly on their accounts,” Wilson said
“How Socialarks could possibly have access to such data in the first place remains unknown.”
According to researchers, data from the Instagram accounts of several high-profile influencers was also exposed.
They included prominent food bloggers, celebrities and other social media stars. Safety Detectives did not reveal the identities of those affected.
How to stay safe from hackers
- Protect your devices and networks by keeping them up to date: use the latest supported versions, use anti-virus and scan regularly to guard against known malware threats.
- Use multi-factor authentication to reduce the impact of password compromises.
- Tell staff how to report suspected phishing emails, and ensure they feel confident to do so, investigate their reports promptly and thoroughly.
- Set up a security monitoring capability so you are collecting the data that will be needed to analyse network intrusions
- Prevent and detect lateral movement in your organisation’s networks.
Wilson said sensitive information like passwords and financial details were not disclosed in the breach.
The unsecure database was discovered last month and researchers immediately contacted Shenzhen-based Socialarks to warn them.
The server was secured the same day.
Discussing the threat that now faces affected users, Wilson said: “In some cases, scraped data can be weaponised to carry out a specific goal of extracting personal information for criminal purposes.
“Potential ramifications of exposing personal information include identity theft and financial fraud conducted across other platforms including online banking.
“Contact information can be harnessed to target people with scams including sending personalised emails containing other personal information about the target, thereby gaining their trust, and setting the stage for a deeper intrusion into their privacy.”
He added: “Sharing personal information such as first and last name, physical and email address and mobile phone number can be weaponised by nefarious hackers to launch ‘mass attacks’.”
The Sun has reached out to Socialarks for comment.
Facebook is sued over ‘illegal monopoly’ claims and told to sell off Instagram and WhatsApp by US gov
MAJOR PLAYER
PS5 stock dropped TODAY at Argos, Smyths, Currys, Game, Amazon and John Lewis
G-WHIZ!
O2 rolls out 5G to 150 towns and cities in UK – is yours on the list?
BACK TO THE FUTURE
Flying Cadillac will let you dodge traffic and get to work in minutes
BAD CHAT
Desperate WhatsApp scrambles to keep users with promise Facebook won’t read texts
WILLY LET ME OUT OF HERE?
Hacker ‘locks up victims’ PENISES’ using ‘smart’ chastity cages
LOCKED OUT
Programmer has just TWO password guesses left to access £180m account
In other news, a bizarre bug unearthed this year could have allowed snoopers to spy on your WhatsApp chats.
Dozens of people are suing Amazon after vile hackers shouted racial abuse and death threats through their Ring security cameras.
And, here’s how to find out if your password has been leaked by hackers.
What do you think of the data breach? Let us know in the comments!
We pay for your stories! Do you have a story for The Sun Online Tech & Science team? Email us at [email protected]
This post first appeared on Thesun.co.uk
