Instagram, TikTok and YouTube data breach. Hundreds of millions of accounts compromised

why use list image

A compromised database which includes information about 235 million social media users has been found online. It contains profile names, real names, profile photos, age, gender, engagement statistics, and more. Around one in five records are also thought to contain either a phone number or email address.

What information has been exposed in the social media data breach?


The database includes info on:

  • 100 million Instagram users
  • 42 million TikTok users
  • 4 million Youtube users.

Is this a cybercrime?


Cybercriminals do not seem to be behind this breach.

Instead, a database was mistakenly left unsecured (not password protected) online for anyone to see.

The private data included in the file is thought to have been scraped from the various social media platforms.

What is web scraping?

Web scraping uses technology to gather data from websites. The process is also known as data harvesting, or web data extraction. Analytics firm – such as the infamous Cambridge Analytica – use such tactics to create huge databases of user information. Often, this information is exploited for less than honourable practices (such as trying to influence the political process).

In this case, the data belongs to a social media data company called Deep Social. However, this organisation appears to have since shut down. Social Data, another company (which denies being linked to Deep Social) has defended the practice of web scraping, stating that:

Please, note that the negative connotation that the data has been hacked implies that the information was obtained surreptitiously. This is simply not true, all of the data is available freely to ANYONE with Internet access. I would appreciate it if you could ensure that this is made clear. Anyone could phish or contact any person that indicates telephone and email on his social network profile description in the same way even without the existence of the database. Social networks themselves expose the data to outsiders – that is their business – open public networks and profiles. Those users who do not wish to provide information, make their accounts private.”

However, our data protection lawyers would argue that any company who creates this type of database must keep it safe. Leaving such information unsecured and online simply does not do this. So there are questions to answer when it comes to legality of the data processing.

Are you sharing too much on social media?


The Facebook/Cambridge Analytica scandal highlighted what can happen when we share our data online. But, despite the media attention this case received, plenty of us are still willing to hand over our information without thinking about the consequences.

It is absolutely right to demand that organisations look after our data with respect, but it is also crucial that we apply the same standards to our own behaviour if we want to stay safe.

For example, when using technology, we must be conscious of the data we are sharing, and how it can be used. On social media this includes things like:

  • Not accepting friend requests from people you don’t know
  • Being careful about what you share online
  • Removing location data from your posts
  • Using a different password for all your accounts
  • Using two-factor authentication
  • Checking the privacy settings of all your accounts
  • Not downloading suspicious apps
  • Thinking twice before clicking on any links
  • Reading the T&Cs of any games or apps you want to use
  • Being aware of common phishing techniques and keeping an eye out for fraudsters who attempt to gather additional personal information.

Today, social media is part of everyday life, and we would never suggest that you stop using it. But you must take steps to stay safe.

If you have been the victim of a data breach or cyber fraud, contact us to discuss your case in more depth.

Contact our expert data breach lawyers to discuss the social media data breach.

Share this article: