Data of 235 million Instagram, TikTok, YouTube users up for grabs on dark web, reports say
Sputnik news agency and radio 12:37 GMT 21.08.2020
New Delhi (Sputnik): To deal with the data leak and other cyber security-related concerns, the Indian government has approved a data protection bill to manage and process data stored by private and public entities. Last month, a crypto hack attack on a famous vlogger’s YouTube channel raised concerns in the country.
Highlighting a massive data leak, a pro-consumer website on Friday warned that the personal profiles of nearly 235 million TikTok, Instagram, and YouTube users have been put on the darknet - a platform containing unencrypted and stolen information - for sale.
Security researchers from the website Comparitech stated that the data set included 42 million TikTok users, four million YouTube profiles, and the rest from Instagram. The leaked information comprises mobile numbers, email addresses, profile photos, full names, and other important profile information.
"Even though the data is publicly accessible, the fact that it was leaked in aggregate as a well-structured database makes it much more valuable than each profile would be in isolation. The information would probably be most valuable to spammers and cyber criminals running phishing campaigns", said Paul Bischoff, editor at Comparitech.
Last month, concerns were raised over reports of a crypto hack reaching India via YouTube. Popular Indian vlogger Carry Minati (real name Ajay Nagar) claimed that one of his two YouTube channels had been hacked. He alleged that the profiles showed bitcoin links to followers.
In a similar development, verified Twitter accounts of global icons like Barack Obama and Elon Musk were hacked and infected with similar bitcoin links.
Bitcoin scams have emerged as a new and popular method among cyber criminals, who put these links on social media network profiles that have been hacked into with the help of data available on the darknet. This enables phishing campaigns and exposes people to the risk of financial fraud.
In February, the US-headquartered tech website BGR, which also operates from India, suffered a massive data leak on the dark web, where private information such as email IDs and passwords were shared.