Data from the social media profiles of approximately 235 million people were released to the Internet by companies that "scraped" information from Instagram, TikTok, and YouTube.

The published data included full name, age, gender, profile photo, and in some cases phone number and email address. The database was taken offline in early August, three hours after Comparitech researchers notified the database's current administrator that it was insecure.

It is unclear how long the database remained open for anyone to find, but Deep Social, the company that collected the information, banned Facebook from scraping Instagram user profiles after it threatened to sue, The company went out of business in 2018. The database is now managed by another company called Social Data.

Those whose phone numbers and email addresses were exposed as part of this data breach may be at a higher risk of being targeted by phishing scams. However, all information was already publicly available on Instagram, TikTok, and YouTube. (We call this a "data breach" rather than a "data leak" because there is no evidence that the data was stolen or misused.)

While it is not illegal to collect publicly available information from social media services, most social media companies prohibit it in their terms of service and reserve the right to block such activity.

According to Comparitech, Deep Social marketed itself as an analytics platform that provides insights about social media "influencers" for high-profile corporate clients. Social Data, which currently holds the database, seems to be doing more or less the same thing.

"The negative implication that the data has been hacked means that the information has been obtained surreptitiously," a Social Data spokesperson told Comparitech. All data is freely available to anyone with access to the Internet."

To avoid having your personal data raked in by marketers and data brokers, minimize the amount of information you display publicly on Facebook, Instagram, TikTok, Twitter, YouTube, and other social media sites by Keep it to a minimum.

Consider registering under a pseudonym or disposable e-mail address and using a photo that does not show your face. Also, never provide your date of birth. This is important information that identity thieves can use.