The 400GB worth of data was exposed due to a misconfigured Elasticsearch database.
Safety Detectives’ cybersecurity reported that a Chinese startup called Socialarks became the victim of a massive data breach. According to Safety Detectives team head Anurag Sen, around 400 GB worth of private data was exposed in the breach.
Socialarks Data Breach
The breach occurred due to an unsecured ElasticSearch database, which contained personally identifiable information of approximately 214 million social media users from across the globe.
Impacted users include many high-profile celebrities, food bloggers, and social media influencers. Most of the users were associated with Facebook, Instagram, and LinkedIn.
Affected Server was Segmented
Tencent, a Chinese multinational technology conglomerate holding company hosted the vulnerable server. It was segmented into indices, probably to store data obtained from different social media sources. However, the team discovered records from only three major aforementioned social media platforms.
Data ‘Scraped’ due to Poor Password Protection.
The ElasticSearch database wasn’t secured with a strong password or encryption. Lack of protection on a server means that anyone possessing its IP address can access the database. The same happened in the case of Socialarks. Resultantly, the private data of millions of users got exposed.
Exposed Data Includes…..
According to Safety Detectives’ blog post, the database contained “a “huge trove” of se ..