Huge data leak shows data scraped from over 214 million social media accounts
According to cybersecurity analysts, a major data leak has revealed a huge trove of information scraped from more than 214 million Facebook, Instagram and LinkedIn profiles, and stored on an unsecured server.
The SafetyDetectives cybersecurity team says in a report given to 9News that about two million Australian social media users were among those found in a database belonging to Socialarks, a Chinese social media management firm.
A screen grab that appears to show statistics for a range of Australian Facebook users from most states and territories has also been viewed.
Although much of the data is now publicly available on social media, phone numbers or email addresses that have not been disclosed on profiles have been listed in some instances.
Lead researcher Anurag Sen said that, by searching for online vulnerabilities, his team was able to access more than 400 GB of data and more than 318 million records that were left "completely unsecured … without password protection or encryption".
"From the leaked data we discovered, it was possible to determine people's full names, country of residence, place of work, position, subscriber data and contact information, as well as direct links to their profiles," he said.
He said that while most data-scraping was done for legitimate business and marketing purposes, it could potentially be exploited by criminals and used for identity theft or to threaten people with scams if it was not stored with proper security.
His team, which operates the largest antivirus review website in the world, believes that after they reported the problem to Socialarks, the database was secured.
While it is not illegal to scrape data, it is against the terms and conditions of major social media firms.
Alastair MacGibbon, CyberCX Chief Development Officer, former National Cyber Security Advisor and director of the Australian Cyber Security Centre, told 9News that certain businesses had a responsibility to do something to prevent bots from scraping user data.
"They should be able to detect when a computer is accessing a million records in the space of a few minutes, and they need to shut it down," he said.
They need to realize that the people entrusting them with data would expect them to stop mass scraping.
"It's not private data but it's information that has been given to a website for a purpose, you expect it to only be used for that purpose."
Tech expert Trevor Long said the apparent scale of the scraped data made it "one of the most significant we've seen".
He said that problems could arise when data from many online sources was amalgamated.
"I think situations like this are reality checks for people – you've got your email over there and your phone number over there, but using data-scraping tools, all that information can be brought together in one place," he said.
"I think that's the risk people don't normally see."
Socialarks, based in Shenzhen and Xiamen in China, did not respond to requests for comment from 9News.
It describes itself as a "cross-border social media management company dedicated to solving the current problems of brand-building, marketing, social customer management in China's foreign trade industry".