Instagram recently reports a privacy breach affecting millions of influencers’ personal information. News sites report that the huge data breach left millions of Instagram influencers, celebrities, and brand accounts information available to the public.
The data breach of the photo-sharing app comes only two years after admitting that the company has encountered a security bug in its developer API. Hackers of the website were able to acquire email addresses and phone numbers from six million accounts.
A Closer Look
The photo-sharing app is hosted by Amazon Web Services (AWS). Tech Crunch reports that over 49 million records were made available to the public at the time of writing, with the database information constantly growing. Reports state that the database can be accessed without a password.
Each record contained personal information from influential Instagram accounts, including the user’s profile picture, bio, and the number of followers. In addition to this information, the database records also showed the account verification and the influencer’s location by city and country, as well as the email address and phone number associated with the account.
More than the private information being made available to the public, the record found in the database also provided a calculated worth of each account. The worth of each is reported to be computed from the number of followers, likes, shares, as well as engagement.
Security Researcher Anurag Sen has discovered the vulnerability of this information, immediately reporting the incident to Tech Crunch in an attempt to secure the database.
Full Company Responsibility
According to BBC, the database belongs to a company named Chtrbox. Known for paying influencers to post sponsored content, Chtrbox responds that it has not resulted in extreme and unethical means of obtaining data.
The company has since taken the database offline.
Meanwhile, Facebook, who also owns Instagram, has already informed news sites that has its efforts are geared towards finding the source of the data breach. In a report from BBC, Facebook said that “We’re looking into the issue to understand if the data described – including email and phone numbers – was from Instagram or from other sources. We’re also inquiring with Chtrbox to understand where this data came from and how it became publicly available.”
Following yet another privacy data breach incident, Kevin Gosschalk of Arkose Labs urged organizations to improve their database protection, thus preventing destructive attacks on the company and the individuals involved.