A Chinese data-scraping social media management firm named Socialarks has exposed the data of over 200 million users of Instagram, Facebook, and LinkedIn, as its entire 408 GB of data leaked online. The security incident resulted from a misconfigured ElasticSearch server, which was set to public access without password protection. The exposed set includes public data as well as private information, including phone numbers and email addresses. In detail, the researchers found the following on the exposed server: 11,651,162 Instagram user profiles, 66,117,839 LinkedIn user profiles, and 81,551,567 Facebook user profiles.
<p>Cloud is the gift that keeps on giving. Unfortunately, in this case, it’s the gift of misconfigured databases that keeps giving sensitive information out to anyone with an internet connection and a browser.</p> <p>These kinds of cloud database misconfigurations are unfortunately very common and can expose millions of records publicly which should otherwise be kept private. Often we see that this isn’t because of the lack of technical controls available. Indeed, most cloud databases have all the features available to secure databases. Rather, what we see here is a combination of human error or lack of knowledge along with lack of assurance to validate if systems are secured properly.</p> <p>This is why it’s important for all staff to receive appropriate security awareness training, and to build a culture of security throughout the organisation which reinforces best practices.</p>
<p>Instagram, LinkedIn, and Facebook are three major social media platforms containing a plethora of user data, and this incident underscores the perils of data scraping without proper security. Since personally identifiable information was found bundled together with commonalities between profiles, it amplifies the risk of this data being abused by hackers and scammers. For example, for some individuals impacted, there is more than enough information exposed for bad actors to launch highly targeted phishing attacks.</p> <p>Leaving a database like this exposed without password protection is often the result of improper security and access management policies or failure to enforce those policies. To prevent incidents like this from occurring, organizations must implement a comprehensive set of security tools that monitor and control security status in real-time. A platform that provides a holistic view into the cloud landscape minimizes the potential attack surface, shares security and access alerts in real-time, and avoids devastating misconfigurations that put sensitive data at risk.</p>