Paul Bischoff, editor of Comparitech which published the security researchers findings, said: “The information would probably be most valuable to spammers and cybercriminals running phishing campaigns. Even though the data is publicly accessible, the fact that it was leaked in aggregate as a well-structured database makes it much more valuable than each profile would be in isolation”.
In terms of how this huge amount of user data was obtained, researchers initially pointed towards a company called Deep Social. However, this firm was banned by both Facebook and Instagram in 2018 after scraping user data with their operations winding down after that.
After researchers found clues to the data’s origins, they sent an alert to Deep Social assuming the database belonged to them. However, the firm’s administrators forwarded details of the data exposure onto a Hong Kong-based data marketing company called Social Data.