Jim Wilson of Safety Detectives reports:
High-flying and rapidly growing Chinese social media management company Socialarks has suffered a huge data leak leading to the exposure of over 400GB of personal data including several high-profile celebrities and social media influencers.
The company’s unsecured ElasticSearch database contained personally identifiable information (PII) from at least 214 million social media users from around the world, using both populist consumer platforms such as Facebook and Instagram, as well as professional networks such as LinkedIn.
Read more on SafetyDetectives for a breakdown of how many records and what kind of data they found from each platform. Normally, I don’t report on all leaks discovered by researchers or firms, but there are two aspects to this one that are somewhat eyebrow-elevating here. The first is that this leak seems almost identical to a leak they had in August. The second is that they seem to have acquired non-public data. Safety Detectives writes:
Socialarks’ database contained scraped data including personal information, albeit user data was partially completed.
However, according to our findings, Socialarks’ database stored personal data for Instagram and LinkedIn users such as private phone numbers and email addresses for users that did not divulge such information publicly on their accounts. How Socialarks could possibly have access to such data in the first place remains unknown.
It’s a good question. As is the question of who Socialarks might be sharing their data with — either intentionally or unintentionally.