Exposed database affects millions of social media users

As everyone knows at this point, social media platforms draw cyber criminals like bears to honey…except these bears also have stingers. Mixed metaphors aside, it’s not surprising when a database with 235 million profiles gets exposed online. Containing accounts from Instagram, TikTok, and YouTube among others (many of which have had previous cybersecurity issues, to say the least), this data was discovered on servers owned by Social Data. This Hong Kong-based firm sells social media data to marketers, so there was plenty of information to be gained from the database. Names, photos, stats about follower “engagement” and interactions, ages, emails, and more were all included.

Unfortunately, in their response Social Data seems primarily concerned with their own image, rather than the security breach that falls at their feet.  Attempting to downplay matters, they try to rationalize by saying that “Social networks themselves expose the data to outsiders – that is their business – open public networks and profiles. Those users who do not wish to provide information, make their accounts private.” 

Couple of problems with that. For one, do we know that private accounts weren’t included in the breach? If they were, consent was certainly not given. But even with public accounts, trying to excuse a security failure with some equivocation concerning the social media platforms themselves won’t fly. You can guarantee the millions of users didn’t agree to having their data accessed in this manner, regardless of what status or photos they shared. In addition, some of the data isn’t exactly the sort that’s just out in the open the same way as pictures. In exposing audience information as well, anyone accessing the database can learn the ages, locations and genders of a user’s connections—something they definitely did not agree to, implicitly or otherwise. Fair chance they also didn’t consent to the potential phishing and other types of fraud they could now be subjected to.

Playing a round of Whataboutism when you’re caught lacking is a pretty shameful look for anyone.  And though it might not lead to anything in this case, negligence is resulting in harsher penalties these days.  You just have to look at Uber for evidence, now that its former CSO is being charged with attempting to cover up a 2016 hack, and could face a maximum of five years in jail for obstruction of justice.  The message being sent to those in charge is simple, and that is to do better.

By: Jonathan Weicher, posted on August 26, 2020
Originally published at: https://www.netlibsecurity.com
Copyright: NetLib Security