1 min read.Updated: 22 Oct 2021, 11:33 AM ISTTeam TC
Leaked records include screenshots and links to profile pictures in addition to personal data, such as full usernames, user bio, email address, phone number, location data, media and follower counts
Listen to this article
NEW DELHI: Security researchers at Safety Detectives have stumbled upon an unsecured server that contains scraped data on millions of Instagram and TikTok users. The total size of the leaked data was 3.6 GB and included over 2.6 million records of social media users including high profile food bloggers, celebrities, and social media influencers such as Alicia Keys, Ariana Grande, Kim Kardashian, Kylie Jenner, and Loren Gray.
According to Safety Detectives' estimates, over 2 million social media users could be impacted by the exposed server.
The compromised ElasticSearch server reportedly belongs to a social media analytics site IGBlade.com, which uses analytics tools to track follower growth, engagement rates and account history along with several other metrics of any Instagram or TikTok account. Safety Detectives informed IGBlade about the compromised server on July 5 this year and found that they had secured it on the same day.
During the discovery, Safety Detectives found that IGBlade’s ElasticSearch server was not using any authentication or security features to protect the data, leaving it exposed and accessible to anyone who found the server. The exposed server was getting updated with new information even as researchers discovered the leak.
According to Safety Detectives, the leaked records include screenshots and links to profile pictures in addition to personal data, such as full usernames, user bio, email address, phone number, location data, media and follower counts.
IGBlade's requires users to create an account on its platform to avail of the company's services. Safety Detectives found that the scraped data of users on the exposed server matches the user’s corresponding IGBlade.com page.
The security researchers posted screenshots of cached profile pictures and links to some of the leaked accounts on their website as part of their discovery.