Out of the fire and into the frying pan it is for Facebook. This time, it’s Instagram’s time to be breached.
Tech Crunch (TC) broke the news that the private information of more than 49 million influencers, celebrities and brand accounts have been found online in an unprotected database. This information includes the emails and phone numbers associated with each user’s account.
“The database, hosted by Amazon Web Services, was left exposed and without a password allowing anyone to look inside,” TC reported. “At the time of writing, the database had over 49 million records — but was growing by the hour.”
The database was hosted by Amazon Web Services, and included scraped information on each influencer such as their bio, profile picture, the number of followers they have, if they’re verified and their location by city and country, and more.
TC was tipped off by an Indian security researcher by the name of Anurag Sen.
According to Tech Crunch, the database was compiled by Mumbai-based social media marketing platform Chtrbox, which compiled the information and used metrics such as engagement rates and other data to quantify the marketable value of an influencer and how much they would pay them to post ads for their followers to see.
“Each record in the database contained a record that calculated the worth of each account, based off the number of followers, engagement, reach, likes and shares they had,” TC explained.
TC got in touch with some of the influencers they found on the database and confirmed the information’s authenticity. To make matters worse, TC realized that many of these online personalities had never had any contact with Chtrbox before, which makes sense given that the company’s website says that it only has 184,843 influencers registered on its platform – 0.37% of all the total users they had accumulated data from.
“Gathering – or scraping – information from Instagram accounts violates the policies of [Instagram],” the BBC explains.
Facebook is now looking into the matter: “We’re looking into the issue to understand if the data described – including email and phone numbers – was from Instagram or from other sources,” said an updated statement. “We’re also inquiring with Chtrbox to understand where this data came from and how it became publicly available.”
Just last week, Facebook-owned Whatsapp also suffered a breach, where cybercriminals were able to install spyware onto users’ phones without their knowledge, through the app’s call feature. This is just a drop in the sea of breaches and privacy mishaps Facebook and its companies have suffered in recent months.