A Chinese company leaves 408 GB of sensitive data on an unsecured server: it’s the social profiles of 214 million users from halfway around the world.
Bad news from China: Socialarks, a Chinese advertising agency that helps Eastern companies sell abroad, has suffered a colossal 408 GB data theft. It’s a 318 million record database, inside of which is the data of 214 million Facebook, Instagram and LinkedIn profiles from around the world.
The database was located on an unsecured server, and it wasn’t hard for hackers to steal the data. It’s not even the first time Socialarks has suffered such a theft: in August 2020, the data of another 150 million profiles on the same social networks was stolen. Not a bad security record for a company that was founded in 2014 and, in just six years, has handed cybercriminals over 360 million social profiles and hundreds of GB of sensitive data that make users personally identifiable. But that’s not all, because the data stolen from Socialarks had in turn been obtained by the company through questionable methods.
What data they stole from Socialarks
The database stolen from Socialarks contained the data of 11.6 million Instagram profiles, 66.1 million LinkedIn profiles and 137 million Facebook profiles. The stolen data includes a bit of everything: name and surname, phone number, link to the profile, username, profile image and description, number of comments and followers/friends, approximate geographical location (in some cases even the exact one), most used hashtags, and links to websites in the info or in the bio.
All this data will soon end up, if it has not already, for sale on some Dark Web forum, where it will be offered to spammers and to those who profit from digital identity theft. Name, surname and phone number will be very useful to those who do vishing and smishing for a living.
How did Socialarks get the data
The question, however, is how the Chinese marketing company collected this massive amount of data on all these profiles. The answer is simple: it was handed over by the users themselves.
The data is in fact information that users had left publicly visible on the social networks, and the Chinese company harvested it over time using special bots that “scrape” the Web. These are programs that automatically read millions of Web pages looking for personal data and, when they find it, save it in databases.