A massive data breach has exposed a “huge trove” of information gleaned from more than 214 million Facebook, Instagram and LinkedIn accounts and stored on an unsecured server, according to cybersecurity researchers.
9News has also seen a screenshot that appears to show details of various Australian Facebook users from most states and territories.
While most of the information is already publicly viewable on social media, it is claimed that in some cases the data included phone numbers or email addresses that were not disclosed in the profiles.
Lead researcher Anurag Sen said his team, which looks for vulnerabilities online, was able to access more than 400 GB of data and more than 318 million records that were left “completely insecure … without password protection or encryption.”
“From the leaked data we discovered, it was possible to determine the full names of the individuals, country of residence, place of work, job title, subscriber details and contact information, as well as direct links to their profiles,” he said.
He said that while most of the data scraping was done for legitimate business and marketing purposes, if the scraped data was not stored with adequate protection, criminals could access it and use it for identity fraud or to target people with scams.
His team, which runs the world’s largest antivirus review website, says the database was secured after they reported the problem to Socialarks.
While data mining is not illegal, it goes against the terms and conditions of the big social media companies.
CyberCX chief strategy officer Alastair MacGibbon, a former national cybersecurity advisor and director of the Australian Center for Cybersecurity, told 9News that such companies had an obligation to do more to prevent bots from scraping user information.
“They should be able to detect when a computer is accessing a million records in the space of a few minutes and they need to shut it down,” he said.
“They need to understand that the information is being entrusted to them by the individual, who would expect them to stop scraping en masse.
“This is not private data, but it is information that has been provided to a website for a purpose, you hope it will only be used for that purpose.”
Technology expert Trevor Long said the apparent size of the database of information extracted made it “one of the most important we have seen.”
He said problems could arise when data from various online sources was merged.
“I think situations like this are reality checks for people – you have your email and your phone number, but by using data mining tools, all of that information can be gathered in one place,” he said.
“I think that’s the risk that people normally don’t see.”
Socialarks, based in Shenzhen and Xiamen in China, did not respond to requests for comment from 9News.
It describes itself as a “cross-border social media management company dedicated to solving the current problems of branding, marketing, and social customer management in China’s foreign trade industry.”