Private data including personal contact information from millions of Instagram accounts was leaked recently, according to a TechCrunch report. Apparently, the exposed data was compiled and then posted on an online database which was discovered by security researcher Anurag Sen. Said database allegedly contained phone numbers and emails IDs and other such private information of six million Instagram accounts held by popular brands, influencers, and celebrities on the platform.
According to the source, this plethora of data contained upwards of 49 million entries and was hosted by Amazon Web Services. After discovering the database, Sen notified TechCrunch, which then tried to trace its origins in order to find the culprit and secure the exposed data. The trace was successful and the owner of the database turned out to be an Indian social media marketing company named Chtrbox.
Chtrbox, a Mumbai-based marketing firm, pays Instagram influencers to post ads on their accounts. Apparently, the company acquired the data in order to calculate appropriate payments to the Instagram account holders for sponsored content. The database contained records that determined the net worth of every account based on factors such as likes, shares, number of followers, interaction and reach.
The records found contained explicit information about each account including both public and private information about the media influencers and bloggers. Apart from personal phone numbers and email addresses, other information in the database included profile pictures, bios, number of followers and whether the users had verified their location on Instagram both by city and country.
Owners of the exposed Instagram accounts were contacted and informed about the breach. TechCrunch verified that the leaked phone numbers and email addresses belonged to popular social media influencers on Instagram, and that the victims had no association with Chtrbox.
The owner of Instagram, Facebook, has issued a statement regarding the data breach:
“We’re looking into the issue to understand if the data described – including email and phone numbers – was from Instagram or from other sources. We’re also inquiring with Chtrbox to understand where this data came from and how it became publicly available.”
Not long after TechCrunch contacted Chtrbox, the company removed the database from the internet. As of right now, the CEO of the Indian firm Pranay Swarup has yet to offer any comments on the matter or explain how or why the company got hold of such copious amounts of personal data off Instagram.
It goes without saying that this isn't the first time Facebook has faced issues with data leakage and similar mishaps. Apart from the infamous Cambridge Analytica scandal, just last month security researchers discovered unprotected datasets for two Facebook-integrated apps which were being stored on Amazon S3 servers, exposing over 540 million records of user data including passwords stored in plain text.
Update: A spokesperson for Chtrbox has disclosed the following statement to Neowin concerning the database exposure:
"The reports on a leak of private data are inaccurate. A particular database for limited influencers was inadvertently exposed for approximately 72 hours. This database did not include any sensitive personal data and only contained information available from the public domain, or self reported by influencers. We would also like to affirm that no personal data has been sourced through unethical means by Chtrbox. Our database is for internal research use only, we have never sold individual data or our database, and we have never purchased hacked-data resulting from social media platform breaches."