Public information from accounts on the social site is being scraped and exposed due to an unsecured server.
With the downfall of Twitter, many former users are jumping ship and signing up for Mastodon, a similar social alternative. The social network is known for being decentralized and open-source, in an attempt to mitigate manipulation and censorship.
An Elasticsearch server has been scraping public accounts and posts on Mastodon. The server is run by a third party, and anyone who can access and use the Shodan search engine can access the information stored on it. It's not clear how long the server has been accessing and storing user information.
Some of the information collected includes:
- Account Names
- Display Names
- Profile Photos
- Most Recent Status Updates
While no emails or passwords were found, users should be wary of what sensitive information they may have listed on their profile. These types of data leaks are not uncommon. Make sure to always remain vigilant online and follow cybersecurity best practices in order to mitigate your risk.