The victims of this “data leak” also include celebrities like Alicia Keys, Loren Gray, Kylie Jenner, Ariana Grande, and Kim Kardashian.
The cybersecurity team at Safety Detectives, led by Anurag Sen, discovered an unsecured ElasticSearch server belonging to IGBlade.com, a social media analytics site. The server stored scraped data of millions of social media users. The data was taken from TikTok and Instagram.
Reportedly, at least 2.6 million user profiles have been exposed, equivalent to over 3.6 GB of data. The researchers dubbed it a shocking discovery since data scraping is banned on most social media websites, although it isn’t illegal.
It is a Romanian website that collects social media users’ data to offer its clients an in-depth understanding of an Instagram or TikTok account. The platform has gathered data from millions of social media accounts of more than 30 different data metrics.
It then consolidates this information into a “navigable social account search engine” that displays critical data such as followers rate, demographics stats, engagement rate, data visualizations, account history, etc. To obtain these social media insights, users are required to create an account on IGBlade.
What was Exposed?
Part of the exposed data were screenshots and links to profile pictures and other types of scraped personal data of social media users. It is worth noting that all data on the exposed database was publicly available.
However, the incident has yet again ignited the debate on the controversial use of data scraping. Researchers claim that the data was left exposed without any encryption or password protection in place. The exposed data included:
- Full names
- location data
- About details
- Profile pictures
- Phone numbers
- Email addresses
- Engagement rate metrics
- Follower counts & following counts.
Some celebrities were also affected, including:
- Alicia Keys
- Loren Gray
- Kylie Jenner
- Ariana Grande
- Kim Kardashian
According to Safety Detectives’ blog post,
“The scraped data of users on the server is the same data that features each user’s corresponding IGBlade.com page, and the database often provides links back to IGBlade. This is how we know the database belongs to IGBlade.com,” researchers noted.
The exposed data was available online for more than a month until Safety Detectives’ researchers discovered it on July 5 and notified IGBlade. The company secured it on the same day.