Chinese Startup’s Open Database Exposes 214 Million Social Media Accounts - Security Boulevard

Chinese Startup’s Open Database Exposes 214 Million Social Media Accounts

Across the globe there are more than 3.5 billion people who use social media in some capacity. Whether it’s posting life events to Facebook, networking on LinkedIn, or uploading selfies on Instagram, the average person spends at least 3 hours of their day on social media. When users join these platforms, they give their names, ages, phone numbers, emails, and sometimes even addresses with the expectation that their information will be protected. Unfortunately, that expectation is not alway met.

What Happened?
According to ThreatPost, SocialArks, a Chinese startup, exposed the data of 214 million social media users due to a misconfigured ElasticSearch database. The database was left open and unprotected leaking over 318 million records. These records included names, phone numbers, emails, and pictures from users on Facebook, Instagram, and LinkedIn that SocialArks had scraped for their database. All three platforms prohibit scraping in their terms and conditions so how SocialArks acquired some of the sensitive data remains to be unknown. SocialArks is familiar with this kind of thing as they suffered a similar breach in August that exposed 150 million users. Breaches, like the one SocialArks faced, are generally attributed to companies not making adequate and appropriate investments into cloud security. Leaving databases open and unprotected invites anyone to come in and access the information. Cloud misconfigurations are the number one source of cloud data breaches as SocialArks discovered.

Breaches, like the one SocialArks faced, are generally attributed to companies not making adequate and appropriate investments into cloud security. Leaving databases open and unprotected invites anyone to come in and access the information. Cloud misconfigurations are the number one source of cloud data breaches as SocialArks discovered. 

DivvyCloud by Rapid7 protects your cloud and container environments from misconfigurations, policy violations, threats, and IAM challenges. With automated, real-time remediation, DivvyCloud by Rapid7 customers achieve continuous security and compliance, and can fully realize the benefits of cloud and container technology.

The post Chinese Startup’s Open Database Exposes 214 Million Social Media Accounts appeared first on DivvyCloud.

*** This is a Security Bloggers Network syndicated blog from DivvyCloud authored by Shelby Matthews. Read the original post at: https://divvycloud.com/chinese-startup-databreach/?utm_source=rss&utm_medium=rss&utm_campaign=chinese-startup-databreach