A cloud misconfiguration by the Chinese social media management company SocialArks exposed 318 million records from Facebook, Instagram, and LinkedIn. The exposure comprised more than 400GB of public and private profile data for 214 million social media users worldwide.
The leak stems from a misconfigured Elasticsearch database, which contained Personally Identifiable Information (PII). During routine IP-address checks, researchers discovered that the server was publicly exposed without a password or encryption.
The scraped profiles included 11,651,162 Instagram user profiles; 66,117,839 LinkedIn user profiles; 81,551,567 Facebook user profiles; and 55,300,000 Facebook profiles that were deleted within a few hours after the open server was discovered. This scraping practice is unethical and violates the terms of service of the platforms the data was obtained from (Facebook, Instagram, and LinkedIn).
The impact:
Breaches like this can result in high-volume, automated social engineering. They also make identity theft and financial fraud more likely, because some of the information in this breach was confidential.
The remediation:
Restrict public access to your profile and media assets, and take care when granting applications access to information stored on your devices, because your information could be stolen and potentially misused.
Source: Threatpost