Unsecured database exposed personal data of 6 million Instagram influencers and celebrities
A security researcher discovered a massive unprotected database online that exposed personal contact information of almost 50 million influencers and brands on Instagram, according to a report from TechCrunch.
Anurag Sen, a security researcher, found the database hosted on an Amazon Web Services (AWS) server without any password protection on the data, which included private emails and phone numbers of ‘prominent food bloggers, celebrities and other social media influencers.’
After discovering the database, the security researcher reached out to TechCrunch for help in order to track down the owner of the database and get it secured. The publication traced the database to a social media marketing company named Chtrbox based in Mumbai, India, which pays influencers to post their clients’ sponsored content onto their pages.
Besides containing publicly available information found on Instagram, such as names, pictures, and the number of followers, it also contained an estimated “worth” of each person listed in the database based on routine metrics like the number of followers, likes, shares, reach and other info.
The database was pulled offline shortly after Chtrbox was contacted by TechCrunch. Also, affected Instagram account were contacted and informed about the breach.
Facebook, which owns Instagram, told TechCrunch that “We’re looking into the issue to understand if the data described – including email and phone numbers – was from Instagram or from other sources. We’re also inquiring with Chtrbox to understand where this data came from and how it became publicly available.”