The server contained scraped data on millions of social media profiles taken from Instagram and TikTok.
IGBlades server leaked over 2.6 million records of social user accounts, equating to 3.6+GB of data.
The servers content also points to a broader debate about the controversial uses of data scraping methods.
Kim Kardashian’s Instagram information plus a link containing ‘IGBlade’
What is IGBlade?
IGBlades Instagram and TikTok analytics tool collects data from millions of social media accounts across 30+ data metrics.
This is how we know the database belongs to IGBlade.com.
Screenshots of profile pictures featured on the database.
you could see evidence of links to IGBlade in the screenshot below.
Kim Kardashians Instagram information plus a link containing IGBlade
What was leaked?
IGBlades ElasticSearch server was left publicly exposed without any password protection or encryption in place.
Loren Gray’s business number & photo link scraped from Instagram.
We found several examples of high-profile accounts on the server too.
Prominent influencers, such as food bloggers, celebrities, and social media influencers all featured.
Screenshots of profile pictures featured on the database.
A link to Arianna Grande’s TikTok profile picture.
Loren Grays business number & photo link scraped from Instagram.
A link to Arianna Grandes TikTok profile picture.
The servers massive logs contain data for millions of social media accounts.
2.6+ million records/3.6+GB of data features on the server.
you’re able to see evidence of the servers size and document count in the following screenshot.
2.6+ million records/3.6+GB of data features on the server.
We reached out to IGBlade on July 5th, 2021.
IGBlade responded quickly following the disclosure process, and IGBlades database was secured on the same day.
Why Do People Use Social Scraping Tools?
Primarily, marketers and businesses use social analytics tools like IGBlade for advertising purposes.
Hackers misuse data scraping methods to conduct cyberattacks on a mass scale.
However, data scraping is not allowed on TikTok or Instagram.
TikToks terms of service also ban the process of screen scraping.
Ultimately, these violations could land IGBlade in big trouble with Instagram and TikTok.
Both sites could move to ban IGBlade from their services.
IGBlades business model relies on access to these social media sites.
Hackers could quickly gather thousands of email addresses on IGBlades server.
Phishers may even refer to other forms of personal data to build trust with the recipient.
Mass robocalling scams are also possible due to the vast collection of contact details stored in the exposed database.
Speaking of which, the servers content also facilitates the creation of fake accounts.
These accounts could lure in followers, spreading misinformation, and coercing users into other scams or phishing attacks.
Is Data Scraping Okay?
The issue many people have with the practice revolves around the misuse of data scraping methods.
Cybercriminals can, unfortunately, enjoy all of the same benefits from scraping data as marketers or businesses.
In this case, cybercriminals can use data scraping as a cybercrime accelerant rather than an enabler.
Data scraping can accelerate the speed and scope of hackers criminal activities.
Criminal misuse is likely a reason many social media sites have banned public data scraping on their platforms.
There also remains the fact social media users cannot code their page to prevent/prohibit data scraping bots.
People will continue to debate this topic as long as companies persistently scrape public data.
For many, two questions remain: Should social media sites be doing more to stop data scraping?
And, in certain contexts, should public data scraping be legal in the first place?
Preventing Data Exposure
Social media data scraping is not a typical data exposure.
Worse still, data scraping is fairly unavoidable in most cases.
For a full review of SafetyDetectives cybersecurity reporting over the past 3 years, followSafetyDetectives Cybersecurity Team.
