A trove of personal data belonging to millions of Instagram users has been exposed online. The breached data was contained in a massive database left unsecured for hours or even days online. According to TechCrunch who reported the incident, the exposed database contained the public and private details of over 49 million Instagram users.
The database exposed the personal and contact information of high-profile Instagram influencers and celebrities as well as brand accounts. The database is said to be hosted on Amazon Web Services and open to anyone who knew what to do with it. There was no password required to access the database and millions of accounts were at the mercy of hackers for God-knows-how-long.
Instagram Account Owners Verify the Personal Details Obtained In the Exposed Database
TechCrunch reported they got alerted to the exposed database by Anurag Sen, an online security researcher. He reached out to the tech media outfit with the hopes that the owner of the trove could be found and made to security it. A detailed review of the database revealed the profile photos, bios, residential addresses, phone and email contacts, number of followers, as well as verification statuses of all the Instagram accounts.
To confirm the authenticity of the information contained in the leak, TechCrunch reportedly called several influencers and celebrities at random using personal details gleaned from the database. Some of the people confirmed that the personal details cited were correct and actually used to open their Instagram accounts.
Some underground tasks were done and the database was found to possibly belong to Chtrbox, a social media marketing firm based out of Mumbai, India. The firm hires top Instagram influencers and celebrities to post sponsored posts on their accounts in return for payment.
The marketing company analyzes the monetary value of each Instagram account – based on the number of followers, social engagement, geographical reach, likes and shares to contact account owners for paid promos.
Facebook Swears To Get To the Bottom of the Instagram Data Breach
Incidentally, none of the account owners who responded and confirmed that the cited info contained in the database was theirs recalled having any dealings with Chtrbox.
But as can be expected, the social marketing firm pulled down the breached data trove as soon as TechCrunch alerted them to it. The firm’s founder and CEO, Pranay Swarap, failed to provide answers regarding the breach and how they came to be in possession of personal information belonging to millions of Instagram users.
This is not the first time Instagram’s data will be compromised. The social media revealed two years ago that the personal data of up to six million users were breached two years ago due to a bug in its developer API. The hackers who hacked the API sold off the obtained data for Bitcoin.
“We’re looking into the issue to understand if the data described – including email and phone numbers – was from Instagram or from other sources,” Facebook said in a statement. “We’re also inquiring with Chtrbox to understand where this data came from and how it became publicly available.”