A security researcher has found a database with almost
235 social media profiles scraped from the Internet, likely belonging to Social
Public user data is precious, and many companies want to
gather it and sell it. Social media networks represent one of the best sources of
this information. Many users keep their profiles open, allowing companies such
as Deep Social to collect that data and compile it further.
Bob Diachenko from Comparitech
found three identical copies of the database online, with profiles taken from YouTube,
TikTok and Instagram. While the database belonged to Social Data, the evidence
point toward Deep Social, another company used to scrape data from online
sources and has since dissolved.
After social media networks found out about Deep Social’s
practices, they banned their APIs from collecting data, but many other
companies continue this type of operation.
According to Comparitech, the data contained names,
contact information, personal information, images and statistics. A few hours
after the incident was reported, Social Data took the databases down.
It’s easy to assume that a user might not have sensitive
information in one social media profile, but scraping reveals multiple sources
for one person. Compiling data from different sources creates a clearer image
of the digital persona, showing trends, preferences, spending habits, political
preferences, location and other information.
Besides the legal aspect, the biggest issue is that
social media networks prohibit this kind of data gathering as it violates their
user policies. This hasn’t stopped companies from gathering data, but it’s
challenging to identify traffic from organizations such as Social Data.
While Social Data denies collecting data not already
available online, the simple act of scraping and matching public data is not
“Anyone could phish or contact any person that indicates
telephone and email on his social network profile description in the same way
even without the existence of the database,” said Social Data’s spokesperson in
an email to Comparitech. “Social networks themselves expose the data to
outsiders – that is their business – open public networks and profiles. Those
users who do not wish to provide information, make their accounts private.”