If you use social media frequently, especially TikTok, Instagram and YouTube, you may want to take note of a recent report by a security research team at Comparitech that an unsecured database has exposed 235 million Instagram, TikTok and YouTube user profiles. The exposed information may have included profile names, real names, profile photos, and account descriptions, and some might also have included telephone numbers and email addresses. In addition, users’ statistics were exposed, including the number of followers, engagement rate, growth rate, audience age, gender, location, user’s age and likes. 

Although some of the information is publicly available, according to Comparitech, “…the fact that it was leaked in aggregate as a well-structure database makes it much more valuable than each profile would be in isolation.”  This is because it saves the scammers a lot of time and effort with having to aggregate all the data elements together to prepare a profile of the user.

The information is a set up for massive phishing schemes.  If you use TikTok (consider twice before using TikTok in the first place), Instagram or YouTube, and you have a user profile, be especially aware that you will be targeted more than ever before with phishing attacks.

Photo of Linn Foster Freedman Linn Foster Freedman

Linn Freedman practices in data privacy and security law, cybersecurity, and complex litigation. She is a member of the Business Litigation Group and the Financial Services Cyber-Compliance Team, and chairs the firm’s Data Privacy and Security and Artificial Intelligence Teams. Linn focuses her…

Linn Freedman practices in data privacy and security law, cybersecurity, and complex litigation. She is a member of the Business Litigation Group and the Financial Services Cyber-Compliance Team, and chairs the firm’s Data Privacy and Security and Artificial Intelligence Teams. Linn focuses her practice on compliance with all state and federal privacy and security laws and regulations. She counsels a range of public and private clients from industries such as construction, education, health care, insurance, manufacturing, real estate, utilities and critical infrastructure, marine and charitable organizations, on state and federal data privacy and security investigations, as well as emergency data breach response and mitigation. Linn is an Adjunct Professor of the Practice of Cybersecurity at Brown University and an Adjunct Professor of Law at Roger Williams University School of Law.  Prior to joining the firm, Linn served as assistant attorney general and deputy chief of the Civil Division of the Attorney General’s Office for the State of Rhode Island. She earned her J.D. from Loyola University School of Law and her B.A., with honors, in American Studies from Newcomb College of Tulane University. She is admitted to practice law in Massachusetts and Rhode Island. Read her full rc.com bio here.