We’re living in times when privacy is almost nonexistent. More and more scandals arise following Facebook Cambridge Analytica data scandal in 2018. This time we have found another security breach from a Facebook-owned app – Instagram.
Anurag Sen, a security researcher, found a database hosted by Amazon Web Service that contains more than 49 million private contact data of millions of famous Instagram users. The database contains email addresses and phone numbers of users without any kind of password or security system to access them.
The record also contains detailed information on each Instagram account, such as the number of followers, verified status, bio, profile picture, etc. The database was traced back to a social media company in Mumbai called Chtrbox.
The company works with Instagram users to promote their content and the records could have been used by them to determine how much they should pay each user.
The information disclosed on Chtrbox are actual private information of Instagram users, some of which are high-profile food bloggers, beauty influencers, etc. Pranay Swarup, owner and CEO of Chtrbox remained tight lipped regarding the issue and the database has been offline 12 hours ago.
Previously, Instagram experienced a major bug in their API that allowed 6 million users’ private data stolen in 2017 and sold for bitcoins. Currently, Facebook is looking into the incident:
“We’re looking into the issue to understand if the data described – including email and phone numbers – was from Instagram or from other sources. We’re also inquiring with Chtrbox to understand where this data came from and how it became publicly available.”