It’s already a well-known fact that your Instagram likes, hobbies, and activities are monitored and sold to advertisers. When it comes to TikTok’s privacy features, research showed the platform uses device fingerprinting to track your behavior.
Even the fact that the two social media platforms have suffered another data breach doesn’t quite come as a surprise. The history seems to repeat with Instagram and TikTok not properly managing and securing users’ personal data.
Once again, security researchers encountered a weak spot. This time, it was at a third-party company that handles analytics data for the two social media giants.
Let’s dig deeper into the technical facts of just another Instagram and TikTok data breach.
An Unsecured Server Was the Root Cause
An unprotected and unsecured ElasticSearch server that stored scraped data of over 2 million Instagram and TikTok users caused the data breach. A social media analytics site named IGBlade.com owns the compromised server. The IGBlade.com’s activity focuses on analytics tools, tracking follower growth, engagement rates, account history and other metrics for Instagram and TikTok accounts.
Safety Detectives was the one who discovered the vulnerability and informed IGBlade about it in July 2021. IGBlade seemed to have secured the server the same day but apparently didn’t do a great job.
This security vulnerability impacted casual users as well as food bloggers and celebrities like Alicia Keys, Ariana Grande, or Kim Kardashian.
Users’ screenshots and links to profile pictures, full usernames, user bio, email address, phone number, location, and follower counts could now end up in who knows whose hands.
While data scraping (aka web harvesting –where computers or software extract publicly available online data) isn’t an illegal activity, both TikTok and Instagram forbid it in their privacy policies. Still, this isn’t the first time when web scrapers break the companies’ policies terms.
This data leak could be just the beginning of an entire parade of cyber-attacks and online frauds. Cybercriminals can use this information to create fake accounts, unleash phishing attacks, or even ransomware.
Similar Instagram and TikTok Data Breaches
If we were to take a trip down memory lane, we’d see the two companies have been in the spotlight before, for the same reason of exposing their users’ personal data:
TikTok
What to Expect from Instagram and TikTok in the Future?
An impressive collection of data breaches marks Instagram and TikTok’s histories. Note that the ones mentioned above are just a few recent examples.
These companies don’t seem to learn an important lesson: they need to enforce tight security measures to their databases that store people’s personal data.
Since you can’t expect them to handle your data properly, it’s high time you start protecting it yourself. Find out useful tips on how to stay safe on social media.
That is unless you haven’t come to terms to forget everything about these platforms and delete your Instagram and/or TikTok accounts.
Did you ever choose to quit any social media platform? What was the main reason for your decision?
Let me know in the comments section below.
Leave a comment
Marketer Rakib
Posted on 29/09/2022 at 09:13
Instagram is a popular way to get connected with various people. Instagram scrapers are doing this easily. If you find out the best Instagram scrapers, You can easily boost up your followers.
Marketer Rakib
Posted on 28/09/2022 at 09:03
Instagram is a great way to reach more people gradually. How can Instagram scrapers work in it? Should we consider Instagram scrapers for building followers?
Ghostie
Posted on 28/09/2022 at 12:41
Hi, Rakib.
Web scraping is a controversial topic. While scraping publicly available data is considered legal, collecting any private or copyrighted information is generally illegal.
Some web scraping tools fall in a gray area, which has opened the way for litigation. Meta, Instagram’s parent company, is actively involved in legal battles with data scraping sites.
As such, we wouldn’t advise anyone to scrape data without first getting legal advice relevant to their jurisdiction. Please note that none of this is legal advice.
Stay safe!