Instagram, TikTok and Youtube users' personal data exposed by social media company

Approximately 235 million accounts were exposed, with personal data including names and contact information left on an insecure database

Adam Smith
Thursday 20 August 2020 17:27 BST

Support truly
independent journalism

Our mission is to deliver unbiased, fact-based reporting that holds power to account and exposes the truth.

Whether $5 or $50, every contribution counts.

Support us to deliver journalism without an agenda.

Louise Thomas

Louise Thomas


A company that sells social media data to marketers has left nearly 235 million Youtube, TikTok, and Instagram profiles exposed.

Social Data managed a database that was neither password-protected nor had any authentication methods, according to a report from Comparitech.

The data reportedly includes a information including names, contact information, personal information, images, and statistics about followers.

Comparitech also said it detailed information about those accounts, such as number of followers, engagement rate, follower growth rate, audience gender, audience age, audience location, and likes.

Security researcher Bob Diachenko, who had previously contributed to uncovering the ‘Meow’ hack, said he uncovered three identical copies of the exposed data at the start of the month.

According to Comparitech, the company responsible for the unsecured database was a now-shuttered firm called Deep Social. When informed of the breach by Comparitech, Deep Social forwarded the disclosure to Social Data.

The CTO of Social Data reportedly acknowledged the exposure, and took down the servers within three hours – but Social Data denies any connection between itself and Deep Social.

Facebook and Instagram banned Deep Social from their marketing APIs in 2018 for scraping data from user profiles. “Scraping people’s information from Instagram is a clear violation of our policies. We revoked Deep Social’s access to our platform in June 2018 and sent a legal notice prohibiting any further data collection”, a Facebook spokesperson said.

Speaking to Comparitech, a spokesperson for Social Data said to “note that the negative connotation that the data has been hacked implies that the information was obtained surreptitiously. This is simply not true, all of the data is available freely to ANYONE with Internet access.

“I would appreciate it if you could ensure that this is made clear. Anyone could phish or contact any person that indicates telephone and email on his social network profile description in the same way even without the existence of the database.

“Social networks themselves expose the data to outsiders – that is their business – open public networks and profiles. Those users who do not wish to provide information, make their accounts private [sic]”, they continued.

Social Data launched in August 2019, is located in Hong Kong, and has apparently worked with companies including Samsung, Heineken, L’Oreal, Unilever, Walmart, Amazon, Disney, and

It is unclear how long the data had been exposed prior to 1 August, when it was detected, or whether it was accessed by malicious individuals. The Independent has reached out to Social Data for clarification.

Join our commenting forum

Join thought-provoking conversations, follow other Independent readers and see their replies


Thank you for registering

Please refresh the page or navigate to another page on the site to be automatically logged inPlease refresh your browser to be logged in