Woman looking through social media profiles

What Happened

On August 19, 2020, researchers at Comparitech uncovered an unsecured database with 235 million Instagram, TikTok, and YouTube user profiles exposed online. The ownership of this latest data leak was traced to a defunct social media data broker, Deep Social, who forwarded the breach notification to Social Data.

In 2018, Deep Social was banned from using the Instagram and Facebook platforms for marketing the sale of “scraped” influencer information, a practice that is against the social media networks’ terms of use. Data scraping, or web scraping, is a process in which specific data is collected and copied from the web. It is then pasted into a central local database or spreadsheet, used for analysis, and often sold for-profit.

The scraped profile information in the data leak includes names, ages, genders, profile photos, account descriptions, statistics about follower engagement and demographic such as number of likes, followers, follower growth rate, engagement rate, audience demographic (gender, age, and location), and whether the profile belongs to a business or has advertisements.

Should I Be Worried?

Social media networks have increased in popularity during the current pandemic. In July 2020, there was a 10.5% usage increase compared to the previous year, based on research by GlobalWebIndex. As it is the second most-most popular digital activity, the sharing of information within profiles and publicly accessible information is something consumers generally need to understand.

Although no Personally Identifiable Information (PII), emails or passwords were exposed through the Deep Social exposure, the threat in this data leak lies in the fact that the information on our social media user profiles is being sold daily to any number of companies. In the hands of cybercriminals, this data can be used to create fake profiles or establish a fake identity with pieces of real information, known as synthetic identity theft. These imposter accounts and account takeovers through social media can also lead to fraudsters scraping even more personal information, targeting you and your connections through social engineering such as phishing, then buying and selling your personal information on the Dark Web.

With no end in sight to current social distancing requirements, children too are increasingly communicating and interacting through these social media networks. Keep informed on the latest COVID-19 scams and fraud targeting you and your family on- and offline.

3 Tips to Protect Yourself

  1. Take charge of what you share. Control how much personal information you share (full name, date of birth, where you live, names of family members, email addresses, phone numbers). Also, take note of who sees your posts/updates and profile information by updating account settings on each social platform.
  2. Be attentive to links and ads on social media. Be wary of social posts and ads that appear on your timelines. They could be part of a “phishing” attack that redirects you to a fraudulent website in order to steal your personal or sensitive information.
  3. Safeguard your device with Mobile Protection. Invest in a mobile solution that alerts you of rogue applications, spyware, and unsecured Wi-Fi connections for added security.