More than 214 million social media users worldwide have been affected by infringement, including celebrities and influential people in the US and elsewhere.
In a routine check, security investigators discovered the vulnerable server, which was publicly exposed without password protection or encryption. It contained a total of more than 318 million profiles.
SocialArks data management platform is used for advertising and marketing through programming.
Ο server affected, hosted by Tencent, was indexed to store data received from any social media source.
The leaked profiles included 11.651.162 Instagram user profiles, 66.117.839 LinkedIn user profiles, 81.551.567 Facebook user profiles and 55.300.000 Facebook profiles deleted within hours of the discovery of the exposed server.
The personal information included in the profiles was resumes, photos, followers, location settings, contact information, email addresses and phone numbers, fan numbers, number of comments, hashtags frequently used, company names, jobs and more.
"The SocialArks database stores personal data for Instagram and LinkedIn users, such as private phone numbers and email addresses for users who do not disclose this information publicly to their accounts," the researchers said. "How SocialArks could possibly access such data remains unknown. It remains unclear how the company was able to obtain private data from multiple secure sources. In addition, the company's server was inadequately secure and completely unprotected."
The database was secured by SocialArks on the same day that security investigators notified the company of the issue.