As data leaks originating from Menlo Park-headquartered Facebook and its group companies mount, photo-sharing app Instagram has now reported a data breach.
A TechCrunch report said that a security researcher Anurag Sen alerted it of a database, hosted by Amazon Web Services, which contained contact information of millions of Instagram influencers, celebrities and brand accounts.
The database was reportedly left in the open and without a password, allowing anyone to look inside. When TechCrunch saw it, the database had over 49 Mn records, which it says were growing by the hour.
The Compromised Details
The report reviewed that each record contained public data scraped from influencer Instagram accounts which included their bio, profile picture, the number of followers they have, if they’re verified and their location by city and country. However, it also contained their private contact information, such as the Instagram account owner’s email address and phone number.
Sen and the TechCrunch team traced the database back to Mumbai-based social media marketing firm Chtrbox, which pays influencers to post sponsored content on their accounts.
Related Article: Instagram, Chtrbox Deny Leak Of Private Data Of Influencers
It is being said that each database record contained a record that calculated the worth of each account, based off the number of followers, engagement, reach, likes and shares they had.
These statistics are used as a metric to determine how much the company could pay an Instagram celebrity or influencer to post an ad. However, Chtrbox later pulled down the data and Pranay Swarup, the company’s founder and chief executive, was not reachable for comment.
The Plan Of Action
In an email statement to Inc42, an Instagram spokesperson said, “We are investigating whether a third party improperly stored Instagram data, in violation of our policies. It’s also not clear whether the phone numbers and emails in Chtrbox’s database came from Instagram.”
The spokesperson further said that, regardless, the possibility of third parties mishandling user data is something they take seriously, which is why they are quickly working to understand what happened.
News of this bug comes after Instagram admitted that a security bug in its developer API allowed hackers to obtain the email addresses and phone numbers of six million Instagram accounts. The hackers had later sold the data for bitcoin.
Data Breaches Continue To Hurt Facebook
After more than one year of continued data breaches and data concerns on a global level around its main social media platform, Facebook and its subsidiaries are bound to face a lot of uncomfortable questions.
Recently, WhatsApp fixed a massive data vulnerability that left its over 1.5 Bn users at risk from malicious spyware. The vulnerability allowed attackers to inject spyware on phones with WhatsApp by using the app’s voice call function. The attack allowed hackers to surreptitiously install apps in the background during a voice call.
Further, in India specifically, modified versions of the WhatsApp app and other software tools to manage the application that cost a mere $14 are helping Indian digital marketers and political activists bypass anti-spam restrictions set up by the Facebook-owned company.
Facebook has become a highlight of the concerns of privacy across social media when the Cambridge Analytica data breach came to light last year. Since then, authorities worlwide have been coming down heavily on the social media giant. The latest breach by Instagram adds to the burden of the company in proving its security of user data.