I hate saying that “this is kind of the norm” when talking about a data breach, but here we go again. A social-media management company called Socialarks recently suffered a data leak to the tune of more than 408GB of personal data for around 214 million Facebook, Instagram, and LinkedIn accounts worldwide. That’s around 318 million individual records, says researchers from Safety Detectives, who published a comprehensive write-up of the breach.
The good news, if there’s any to be had from a massive data breach like this, is that your passwords are safe, and any financial information tied to your accounts is also safe. That’s because the Socialarks only built its now-leaked database by scraping public information across Facebook, Instagram, and LinkedIn — a practice that these companies tend to frown upon.
In effect, the only information that was leaked was information that you, an ardent user of social media, are allowing anyone to see anyway. But that doesn’t make it better, or even excusable; if anything, it should be a great reminder that maybe it’s time to prune what you share freely with the entire world, since there are plenty of companies more than willing to take advantage of that information to build profiles about you.
In Socialarks’ case, information the company stored from various Facebook, Instagram, and LinkedIn users included:
Your full name
Phone numbers and email addressees
Connected social media account names (on LinkedIn)
More worrisome, writes Safety Detectives, is the information that Socialarks somehow got its hands on that wasn’t publicly available:
However, according to our findings, Socialarks’ database stored personal data for Instagram and LinkedIn users such as private phone numbers and email addresses for users that did not divulge such information publicly on their accounts. How Socialarks could possibly have access to such data in the first place remains unknown.
Also, the fact that such a large, active, and data-rich database was left completely unsecured (probably for a second time) is astonishing.
While there’s nothing you can do about this breach right now — I haven’t even seen a tool you can use to check whether your accounts are impacted or not — it’s worth paying attention to the usual Have I Been Pwned to see if this breach pops up in their collection. If so, you could then run a quick email lookup to see if you’re affected.
What you can do, however, is rethink how much information you share publicly on your various social media accounts. You can easily check this on Facebook by using its “View as” button (the eyeball) on your profile page:
Facebook’s Privacy Checkup tool is also a great way to get a quick sense of what you’re sharing to everyone — and make some changes, if you need.
Over on Instagram, simply pull up your profile and edit out any details you don’t want the world to see. Or make your profile private, if you don’t mind losing likes from internet strangers. (They’ll have to follow you, and you’ll have to approve it, before they see anything you post.)
LinkedIn has an incredibly useful tool you can use to view your public profile and quickly adjust anything you’re sharing on it. In fact, I’d say it’s even better to use than anything you’d find on Facebook or Instagram. You can quickly turn the entire public profile on and off, control which people can view your profile photo, and edit which sections of your LinkedIn profile you’d like the public to be able to see:
Even if you don’t care much about Socialarks’ data breach, or you use other social media services even more than Facebook, Instagram, or LinkedIn, this is as good a time as any to think about the info you’re publicly sharing. If you don’t need to share it to people without a connection with you, perhaps its best to remove it or lock it down. Stay on top of your privacy.