A simple example: you lock your bike on the street to a lamppost. In which case is it more likely to be stolen, in this case, or if it is kept at home? The answer is obvious, and even if the example is a bit rough, this is practically how it works that your credentials are stored on the network. Even if they are under lock and key, it can still be hacked or deliberately drained. It happens all the time and this time the same thing happened. The accounts of almost a quarter of a billion users of services such as YouTube, TikTok and Instagram have leaked to the network. This is not very pleasant, because each of us can be in this number, but before panicking, you need to figure out what happened, why it happened and what to do.
Data can leak, but it is difficult to deal with it.
User data leak
The personal data of 235 million users of various services were indeed stolen and published in four separate databases. The data follows from a report published by The Next Web. The report says the data is sourced from three service profiles. The three databases were discovered by Comparitech lead researcher Bob Dyachenko. The data leaked on the first of August, but it became known only now.
The researcher points out that the databases were stored without a password or other means of protection. They were identical in all four locations. Thus, potentially there could be several (perhaps even more than four) places from where all the data could be downloaded at once. The fact that they were not stored in parts increases the risk for each user whose data has been stolen. Having stumbled upon a base, attackers could get all users on a silver platter at once, and not some of them.
According to Dyachenko and the rest of the research group behind the discovery, the data were not collected by four separate “collectors.” Moreover, the leak cannot even be considered illegal. All data was collected by the former data collection analyst Deep Social. It was she who collected user accounts, including personal data, in order to use them somehow.
TikTok is popular not only among users, but also among those who hunt for data.
Is it possible to collect user data
This data collection is not only frowned upon by users, but even by most social networks. They try to fight this as actively as possible, but it does not always work out, especially since users themselves share this information. Talking about how easy it was for Deep Social to collect data, we can say that it even has some security certifications that speak of how it worked.
In fact, it is essentially a tool for combining data from various analytics services. So this is all the data that users made publicly available in the services from which they were retrieved. In this case, these are YouTube, TikTok, and Instagram.
Most likely, the data was collected both from applications and from the Internet. And, in this case, that includes information ranging from names, contacts and images to statistics on the number of subscribers a user has and the like. Also included were age, gender and other similar data. That is, on the basis of the obtained squeeze, it was possible to draw a conclusion about what this or that user is.
Do not last on data that you are not ready to share with everyone.
Why is user data stolen
Such data can be very much in demand among advertisers, who can replenish their databases of phone numbers or email addresses. They won't be able to log into your account, but they may get even more channels to convey advertising information to you. On the other hand, is there little such information now? I don't know about you, but they call me up to three times a day. There are also quiet days, but such calls do not surprise me at all. Tell us how you are doing with this and whether you use anti-spam identifiers.
Despite the fact that the data that leaked into the public domain could have been collected just by going to the page of each specific user, it is not pleasant that someone summarized them in order to somehow use them in their own (probably selfish) purposes. Even if there is nothing secret in them, they are mine and I share them with friends and potential subscribers, and not with spammers and analysts. On the other hand, this once again illustrates that what gets on the Internet remains there forever.
Be careful when using social media.
Even if you are worried that someone could get your data, it is still not as bad as a stolen username and password. This also often happens, and you really need to worry about this, and those who wanted to get access to open data will still get it.
What to do if you get hacked
At one time, I talked about the fact that a huge part of users, even after they find out that their accounts have been hacked, are in no hurry to change their password. This is true, although this is the very first thing to do when news appears on the Web that a leak has occurred. This is the only way to combat third-party access.
It is also possible to deal with such leaks as the one that happened now, but this is already more difficult. There are almost no measures to help after the leak. You just need to understand that everything that you share on the Internet will remain there forever. Photos are not particularly interesting to anyone, but e-mail addresses, phone numbers, year of birth and the listed interests can tell a lot and throw you some unwanted advertising. Just do not fill in all the fields when registering, but think about what is really worth sharing. Stealing a password is difficult, but collecting data from open sources is possible.