KUALA LUMPUR, Aug 21 — Cybersecurity researchers over at Comparitech have discovered a database breach that has exposed the profile data of almost 235 million user accounts on TikTok, Instagram, and YouTube.

The compromised information includes names, contact info such as emails and phone numbers, images, and follower statistics of affected accounts.

According to the report, the information was obtained from the servers of Social Data — a company that makes its living selling social media influencer data to marketing companies.

It’s important to understand Social Data does not hack/steal this data — instead, the information is procured using a process called "web-scraping”.

What is web-scraping?

Web-scraping is an automated process that’s used to retrieve information from websites — Facebook, Instagram, or TikTok, in this case.

The information that can be obtained by web-scraping is public in nature, although the legality of the technique falls within a grey area of sorts.

For one thing, data scraping is against the Facebook, Instagram, TikTok, and YouTube Terms of Use.

Deep Social — a now-defunct company — was the source of most of the data, although Social Data states that it is not affiliated with the company.

For some context, Deep Social was earlier banned from Facebook and Instagram’s marketing APIs due to web-scraping practices. A Facebook spokesperson, when speaking with Comparitech, explained:

However, Comparitech explains that such data-scraping bots can be difficult to detect by social media companies.

As such, data has been collected — and now breached — from almost 235 million accounts across the three platforms.

While Social Data’s servers have been taking down since, what’s worrying is that free access to the database was available on the web — no password, no authentication, nothing.

Affected information includes: