The Chinese social media management company Socialarks had a large data leak that led to the exposure of more than 400 GB of personal information, including several celebrities and social influencers, the Israeli research laboratory The Safety Detective revealed on Monday.
According to Safety Detectives, which operates the world’s largest antivirus rating website, Socialarks’ insecure ElasticSearch database contains personally identifiable information (PII) from at least 214 million social media users around the world, using both popular consumer platforms such as Facebook and Instagram, as well as professional networks such as LinkedIn.
Facebook login. Photo: Shutterstock
“The elastic case was discovered as part of Security Detective’s cyber security mission to detect online vulnerabilities that could potentially pose a risk to the general public,” wrote Jim Wilson, a researcher in the security staff. “Once the owner of the data has been identified, our team will notify the parties involved as soon as possible to reduce the risk of cyber-security breaches and leaks to the server.”
The Safety Detectives team found that the ElasticSearch server was publicly exposed without password protection or encryption during routine IP address checks on potentially unsecured databases.
“The lack of security hardware on the company’s server meant that anyone who had the server’s IP address could access a database containing millions of people’s private information,” Wilson added.
According to Anurag Sen, head of the cyber security team of Safety Detectives, the database in question contains a large amount of sensitive personal information amounting to 408 GB and more than 318 million records in total.
Safety Detectives’ research team was able to determine that the entire information leaked was’ scraped ‘from social media platforms, highlighting it as unethical and in violation of the terms of service of Facebook, Instagram and LinkedIn.
Socialarks experienced a similar data breach in August 2020, exposing data from 150 million LinkedIn, Facebook and Instagram users.
Socialarks is headquartered in both Shenzhen and Xiamen, and according to the company, it is a “cross-border social media management company dedicated to solving the current problems of brand building, marketing, marketing, social customer management in China’s foreign trade.