A database that included more than 49 million Instagram users, including influencers and celebrities, was published without a password or any security measures. Basically, it was laying on a silver platter waiting for any cybercriminal to get their hands on it. A safety researcher found the Instagram user database, which included the private information of millions of brands, celebrities, and influencers.
According to Anurag Seg, the safety researcher who discovered the error, the database was stored in an Amazon Web Services server without any type of safety or protection. Anyone with access to that URL could have accessed the personal and contact information of millions of influencers, brands and celebrities with an account in Facebook’s popular photo social network.
According to the information available, the unprotected database was owned by Chtrbox, an India based marketing company. TechCrunch, a specialized media source contacted the company after they verified the information was real. However, Chtrbox didn’t explain how they obtained such information. The database has since been removed.
Personal and company information
The database, which was constantly updated, included each user’s biographical information, profile picture, number of followers, location, email address and a phone number associated with their Instagram account. It also included whether it was verified by the app or not.
Besides personal information, the database included all the necessary information to do business with them: each account’s worth depending on the number of followers, its reach, the number of likes and its impact. It also included the amount that each influencer needed to be paid per ad in their Instagram profile.
Facebook is currently investigating the situation in order to figure out if this was an Instagram security problem or the database was obtained through third-parties.
Instagram for Android available in Uptodown [APK] | Download