It’s already a well-known fact that your Instagram likes, hobbies, and activities are monitored and sold to advertisers. When it comes to TikTok’s privacy features, research showed the platform uses device fingerprinting to track your behavior.
Even the fact that the two social media platforms have suffered another data breach doesn’t quite come as a surprise. The history seems to repeat with Instagram and TikTok not properly managing and securing users’ personal data.
Once again, security researchers encountered a weak spot. This time, it was at a third-party company that handles analytics data for the two social media giants.
Let’s dig deeper into the technical facts of just another Instagram and TikTok data breach.
An Unsecured Server Was the Root Cause
An unprotected and unsecured ElasticSearch server that stored scraped data of over 2 million Instagram and TikTok users caused the data breach. A social media analytics site named IGBlade.com owns the compromised server. The IGBlade.com’s activity focuses on analytics tools, tracking follower growth, engagement rates, account history and other metrics for Instagram and TikTok accounts.
Safety Detectives was the one who discovered the vulnerability and informed IGBlade about it in July 2021. IGBlade seemed to have secured the server the same day but apparently didn’t do a great job.
This security vulnerability impacted casual users as well as food bloggers and celebrities like Alicia Keys, Ariana Grande, or Kim Kardashian.
Users’ screenshots and links to profile pictures, full usernames, user bio, email address, phone number, location, and follower counts could now end up in who knows whose hands.
While data scraping (aka web harvesting –where computers or software extract publicly available online data) isn’t an illegal activity, both TikTok and Instagram forbid it in their privacy policies. Still, this isn’t the first time when web scrapers break the companies’ policies terms.
This data leak could be just the beginning of an entire parade of cyber-attacks and online frauds. Cybercriminals can use this information to create fake accounts, unleash phishing attacks, or even ransomware.
Similar Instagram and TikTok Data Breaches
If we were to take a trip down memory lane, we’d see the two companies have been in the spotlight before, for the same reason of exposing their users’ personal data:
What to Expect from Instagram and TikTok in the Future?
An impressive collection of data breaches marks Instagram and TikTok’s histories. Note that the ones mentioned above are just a few recent examples.
These companies don’t seem to learn an important lesson: they need to enforce tight security measures to their databases that store people’s personal data.
Since you can’t expect them to handle your data properly, it’s high time you start protecting it yourself. Find out useful tips on how to stay safe on social media.
Did you ever choose to quit any social media platform? What was the main reason for your decision?
Let me know in the comments section below.