Security researchers have discovered over two million social media user profiles scraped from the internet after they were unwittingly exposed online by an analytics firm, Infosecurity can reveal.
A team at reviews site SafetyDetectives led by Anurag Sen found the data located on a misconfigured Elasticsearch server, left exposed without any password protection or encryption in place.
It quickly traced the 3.6GB trove of more than 2.6 million TikTok and Instagram profiles to IGBlade, a firm that provides marketing insights on social media users for its customers.
“The scraped data of users on the server is the same data that features each user’s corresponding IGBlade.com page, and the database often provides links back to IGBlade,” the researchers wrote. “This is how we know the database belongs to IGBlade.com.”
Although data scraping is not illegal, and all of the user info contained in the exposed database was publicly available, it breaks the terms of service for TikTok and Instagram.