Data of millions of Instagram users have leaked online, which included personal information about Instagram influencers, celebrities and brand accounts. As per a TechCrunch report, an unsecured database hosted by Amazon Web Services was found by security researcher Anurag Sen. This database didn’t require any credentials to be accessed and is said to have contained over 49 million records. The records reportedly featured public data scraped from Instagram accounts of influencers and contained their profile picture, bio, the number of followers they have, whether they are verified and their location by city and country. In addition, the records were displaying private information as well, like email address and phone numbers of the accounts holders.
The database was traced back to a Mumbai-based social media marketing firm Chtrbox, which is said to have taken the database offline now. The marketing firm is said to pay influencers to post sponsored posts on their accounts and each record in the database is said to have contained a “record that calculated the worth of each account, based off the number of followers, engagement, reach, likes and shares they had. This was used as a metric to determine how much the company could pay an Instagram celebrity or influencer to post an ad.”
TechCrunch says it found records of many high-profile influencers in the exposed database, including prominent celebrities, food bloggers, and other social media influencers. They contacted some of them at random and two of the influencers got back to confirm their email address and phone number. The information which was showing up in the database was the one they used to set-up their Instagram account. However, neither of the two users had any affiliation with Chtrbox. This begs the question of how the Mumbai-based social media marketing firm was able to obtain their private data.
This comes soon after Facebook admitted that its recent password leak affected not thousands but millions of Instagram users. You can read more about the previous issue here.