Instagram: the data of 49 million users exposed online
Probable data theft from Instagram for millions of people. Found a huge database online containing the contact information of millions of users
Instagram's private contact details of millions of people may have been stolen, according to the authoritative website TechCrunch. A huge database was found online that contained the contact information of over 49 million users, including influencers and official brand and celebrity accounts.
The database, hosted on Amazon Web Services, had no password and therefore allowed anyone to read the data it contained(over 49 million records continuously increasing).
From a brief analysis, result that every record collected public data derived from influencer Instagram accounts (biography, profile photos, number of followers, verified account information and location by city and country), but also private contact information, such as the e-mail address and phone number of the account owner.
Anurag Sen's investigations
The security researcher Anurag Sen he discovered the database and tried to find the owner to make sure it was secured. therefore the connection withChtrbox, a Mumbai-based social media marketing company that pays influencers to publish sponsored content on their accounts. Each element in the database also contained a record that calculated the value of each account, based on the number of followers, engagement, reach, likes and actions. This record was used as a parameter to determine how much the company could pay a celebrity or influencer to publish content.
Two of the people whose data was included in the database confirmed that they had used the email address and phone number found to set up their Instagram accounts. But neither of the two influencers seem to have had anything to do with Chtrbox.
Shortly after the discovery, Chtrbox has blocked access to the database. Pranay Swarup, founder and CEO of the company, did not comment on the facts nor responded to those who asked him how the company obtained private e-mail addresses and phone numbers from Instagram accounts.
Data theft from Instagram: the precedents
The evidence of data theft from Instagram comes two years after the social network admitted that a security error in its developer API allowed hackers to get the e-mail addresses and phone numbers of six million accounts. The hackers later sold the data in exchange for bitcoins. Only months later, Instagram, which now has more than a billion users, has reduced access to its APIs to limit the number of requests that apps and developers can make on the platform.
Meanwhile, Facebook, owner of Instagram, said:
We are examining the problem to see if the described data, including numbers and e-mails, came from Instagram or other sources, is stated in a statement, we are also asking Chtrbox to understand where these data come from and how they became publicly available.