How A Mumbai Firm Compromised Personal Data Of Millions Of Instagram Influencers

How A Mumbai Firm Compromised Personal Data Of Millions Of Instagram Influencers

SUMMARY

A database of 49 Mn Instagram influencers was left open on an AWS server

The data breach was attributed to Mumbai-based social media marketing firm Chtrbox

Chtrbox later pulled down the database

As data leaks originating from Menlo Park-headquartered Facebook and its group companies mount, photo-sharing app Instagram has now reported a data breach.

A TechCrunch report said that a security researcher Anurag Sen alerted it of a database, hosted by Amazon Web Services, which contained contact information of millions of Instagram influencers, celebrities and brand accounts.

The database was reportedly left in the open and without a password, allowing anyone to look inside. When TechCrunch saw it, the database had over 49 Mn records, which it says were growing by the hour.

The Compromised Details

The report reviewed that each record contained public data scraped from influencer Instagram accounts which included their bio, profile picture, the number of followers they have, if they’re verified and their location by city and country. However, it also contained their private contact information, such as the Instagram account owner’s email address and phone number.

Sen and the TechCrunch team traced the database back to Mumbai-based social media marketing firm Chtrbox, which pays influencers to post sponsored content on their accounts.

It is being said that each database record contained a record that calculated the worth of each account, based off the number of followers, engagement, reach, likes and shares they had.

These statistics are used as a metric to determine how much the company could pay an Instagram celebrity or influencer to post an ad. However, Chtrbox later pulled down the data and Pranay Swarup, the company’s founder and chief executive, was not reachable for comment.

The Plan Of Action

In an email statement to Inc42, an Instagram spokesperson said, “We are investigating whether a third party improperly stored Instagram data, in violation of our policies. It’s also not clear whether the phone numbers and emails in Chtrbox’s database came from Instagram.”

The spokesperson further said that, regardless, the possibility of third parties mishandling user data is something they take seriously, which is why they are quickly working to understand what happened.

News of this bug comes after Instagram admitted that a security bug in its developer API allowed hackers to obtain the email addresses and phone numbers of six million Instagram accounts. The hackers had later sold the data for bitcoin.

Data Breaches Continue To Hurt Facebook

After more than one year of continued data breaches and data concerns on a global level around its main social media platform, Facebook and its subsidiaries are bound to face a lot of uncomfortable questions.

Recently, WhatsApp fixed a massive data vulnerability that left its over 1.5 Bn users at risk from malicious spyware. The vulnerability allowed attackers to inject spyware on phones with WhatsApp by using the app’s voice call function. The attack allowed hackers to surreptitiously install apps in the background during a voice call.

Further, in India specifically, modified versions of the WhatsApp app and other software tools to manage the application that cost a mere $14 are helping Indian digital marketers and political activists bypass anti-spam restrictions set up by the Facebook-owned company.

Facebook has become a highlight of the concerns of privacy across social media when the Cambridge Analytica data breach came to light last year. Since then, authorities worlwide have been coming down heavily on the social media giant. The latest breach by Instagram adds to the burden of the company in proving its security of user data.

You have reached your limit of free stories
Become An Inc42 Plus Member

Become a Startup Insider in 2024 with Inc42 Plus. Join our exclusive community of 10,000+ founders, investors & operators and stay ahead in India’s startup & business economy.

2 YEAR PLAN
₹19999
₹7999
₹333/Month
Unlock 60% OFF
Cancel Anytime
1 YEAR PLAN
₹9999
₹4999
₹416/Month
Unlock 50% OFF
Cancel Anytime
Already A Member?
Discover Startups & Business Models

Unleash your potential by exploring unlimited articles, trackers, and playbooks. Identify the hottest startup deals, supercharge your innovation projects, and stay updated with expert curation.

How A Mumbai Firm Compromised Personal Data Of Millions Of Instagram Influencers-Inc42 Media
How-To’s on Starting & Scaling Up

Empower yourself with comprehensive playbooks, expert analysis, and invaluable insights. Learn to validate ideas, acquire customers, secure funding, and navigate the journey to startup success.

How A Mumbai Firm Compromised Personal Data Of Millions Of Instagram Influencers-Inc42 Media
Identify Trends & New Markets

Access 75+ in-depth reports on frontier industries. Gain exclusive market intelligence, understand market landscapes, and decode emerging trends to make informed decisions.

How A Mumbai Firm Compromised Personal Data Of Millions Of Instagram Influencers-Inc42 Media
Track & Decode the Investment Landscape

Stay ahead with startup and funding trackers. Analyse investment strategies, profile successful investors, and keep track of upcoming funds, accelerators, and more.

How A Mumbai Firm Compromised Personal Data Of Millions Of Instagram Influencers-Inc42 Media
How A Mumbai Firm Compromised Personal Data Of Millions Of Instagram Influencers-Inc42 Media
You’re in Good company