‘Huge trove’ of social media account data found on unsecured server

A massive data leak has exposed a “huge trove” of information scraped from more than 214 million Facebook, Instagram and LinkedIn accounts, and stored on an unsecured server, according to cyber security researchers.

A report provided to Nine News by research company SafetyDetectives claims about 2 million Australian social media users were among those found on a database belonging to Chinese social media management company Socialarks.

Cybersecurity experts say security issues can arise when user data from several online sources is amalgamated.

Nine News has also viewed a screengrab that appears to show details of a number of Australian Facebook users from most states and territories.

While most of the information is already publicly viewable on social media, it’s claimed in some cases phone numbers or email addresses were listed that weren’t divulged on profiles.

Lead researcher Anurag Sen said his team – which searches for online vulnerabilities – was able to access more than 400GB of data and more than 318 million records that were left “completely unsecured … without password protection or encryption”.

“From the leaked data we discovered it was possible to determine people’s full names, country of residence, place of work, position, subscriber data and contact information, as well as direct links to their profiles,” Mr Sen said.

He said while most data-scraping was done for legitimate business and marketing purposes, if it wasn’t stored with proper protection, it could potentially be accessed by criminals and used for identity fraud or to target people with scams.

His team, which runs the world’s largest antivirus review website, claims the database was secured after they reported the issue to Socialarks.

While data-scraping is not illegal, it is against the terms and conditions of large social media companies.

CyberCX Chief Strategy Officer Alastair MacGibbon – former National Cyber Security Adviser and Head of the Australian Cyber Security Centre – said social media companies had an obligation to do more to prevent bots from scraping user information.

“They should be able to detect when a computer is accessing a million records in the space of a few minutes, and they need to shut it down,” he said.

“They need to understand that information is being entrusted with them by the individual, who would expect them to stop mass scraping”.

“It’s not private data but it’s information that has been given to a website for a purpose, you expect it to only be used for that purpose.”

Tech expert Trevor Long said the apparent size of the database of scraped information made it “one of the most significant we’ve seen”.

He said issues could arise when data from several online sources was amalgamated.

“I think situations like this are reality checks for people – you’ve got your email over there and your phone number over there, but using data-scraping tools, all that information can be brought together in one place,” he said.

“I think that’s the risk people don’t normally see.”

Socialarks – based in Shenzhen and Xiamen in China – did not respond to Nine News’ requests for comment.

It describes itself as a “cross-border social media management company dedicated to solving the current problems of brand-building, marketing, social customer management in China’s foreign trade industry”.

Start your day informed

Our Morning Edition newsletter is a curated guide to the most important and interesting stories, analysis and insights. Sign up to The Sydney Morning Herald’s newsletter here, The Age’s here, Brisbane Times’ here, and WAtoday’s here.

Most Viewed in National

Source: Read Full Article