Safetydetectives, a cybersecurity blog specializing in antivirus testing, revealed on Monday a data breach of massive magnitude.
Read also: Cybersecurity: sovereignty and security are inseparable
It is a Chinese start-up, Socialarks, which was the victim of this data breach.
Safetydetectives has indeed found that its server containing personal information on at least 214 million users of LinkedIn, Instagram and Facebook around the world was freely accessible.
In total, more than 400 GB of personal data was exposed.
"Our team found that the Elasticsearch server was exposed publicly without password protection or encryption,"
explains safetydetectives on its site, noting that
"the lack of security on the company server means that anyone in possession of the server's IP address could have accessed a database containing private information of millions of people ”
.
"From the data that we discovered, it was possible to determine the full names, their country of residence, their place of work, their position, their contact information, and direct links to their profiles,"
the company added. which describes itself as
"the world's largest antivirus scanning website"
.
The data in question comes from the three social networks LinkedIn (over 66 million user profiles), Facebook (over 80 million) and Instragam (over 11 million).
Regarding the latter, Safetydetectives specifies that
"high level influencers, including prominent food bloggers, celebrities and other social media influencers"
are affected by the data leak.
In France, more than 810,000 profiles are concerned (680,000 on LinkedIn, 109,000 for Facebook and 28,000 for Instagram), against 29.4 million in the United States.
Risk of scams, frauds and "phishing"
Such data theft presents several risks, including identity theft and financial fraud.
Attackers in possession of this information may also use it for
"targeted scams, including sending personalized emails containing other personal information about the target, thereby gaining their trust and setting the stage for a deeper intrusion into their privacy ”.
"Users can also be targeted by clicks that lead to the installation of malware and phishing"
, details the cybersecurity specialist.
Read also: With the SolarWinds attack, Western cybersecurity in full question
However, Safetydetectives says it ignores how the Chinese company was initially able to access personal information, some of which was not accessible from the three social networks.
These include, for example, private telephone numbers and e-mail addresses of users who had not disclosed them publicly on their accounts.
“Plus, the fact that such a large, active, data-rich database has been left completely insecure (probably for a second time) is astonishing,”
he said.
Indeed, this is not the first time that Socialarks has been the victim of a data breach.
In August 2020, the same event resulted in the disclosure of the data of 150 million users of LinkedIn, Facebook and Instagram.