A database containing contact information for millions of influential accounts of celebrities and brands on Instagram was found online. The database, hosted by Amazon Web Services, was left exposed without a password. At the time the article was written, the database had more than 49 million records.
According to TechCrunch, each record contains public data about Instagram's influence accounts, including profile description, profile image, tracking number, if you have a verified account, location, and private contact information – such as your email address -mail and phone number of the Instagram account owners.
The database was discovered by cyber security expert Anurag Sen, who warned of the publication of technology in an effort to find the owner and protect the data.
Journalists followed the database, finding that belongs to a marketing company in Mumbai, India – Chtrbox – that pays the influences to load the sponsored posts in your accounts.
Each entry in the database contained a calculation based on the number of trackers, the level of engagement, the range, and the number of tans they had, which determined the value of each Instagram account. Depending on this calculation, the Indian company decided how much they paid for the influence.
Several people whose information was found in the database were contacted and confirmed that it was their email addresses and phone numbers used to set up their Instagram accounts. However, they said they had no connection to Chtrbox in India.
Soon after TechCrunch contacted the company in Mumbai, Chtrbox removed the database online. Pranay Swarup, the founder and director of the company, declined to comment on the situation and did not provide details of how the company obtained the private email addresses and phone numbers of Instagram accounts.
The situation comes two years after Instagram recognized a security bug in the Developer API, which allowed hackers to get email addresses and phone numbers for 6 million Instagram accounts. Hackers sold bithoin data, writes DailyBeast.com.
After this incident, Instagram – which currently has more than 1 billion users – has modified the API to limit the type of information that other applications or developers may require on the platform.