First Facebook, then Samsung and now Instagram?
Yesterday, an Instagram database was found on Amazon Web Services without any security. The database consisted of 49 million records, which included contact information such as phone numbers and email addresses for Instagram influencers, celebrities, and brands. Some of the records even had the net worth of influencer accounts and the location of the accounts.
The data was clearly scraped from Instagram, which is prohibited according to Facebook.
The data was just lying around on Amazon Web Services without any security until a researcher, Anurag Sen, found the database.
Sen traced the data back to a company in India called ‘Chtrbox (Chatterbox Technologies Private Limited)’. The company collaborates with brands and influencers to help them grow via sponsorships. It pays influencers to share sponsored content and also does business in content development. Thus, all the scraped data discovered on Amazon makes sense.
It seemed like the database was a storage space for an ongoing scraping process since the records were growing by the hour.
After Sen contacted TechCrunch, Chtrbox didn’t take long to take the database offline, but the company has refused to comment on the matter. The CEO is not responding to questions.
On the other hand, Instagram’s parent company Facebook has issued a statement saying,
“We’re looking into the issue to understand if the data described – including email and phone numbers – was from Instagram or from other sources. We’re also inquiring with Chtrbox to understand where this data came from and how it became publicly available.”
TechCrunch found several high-profile influencers’ data in the records as well. Some of them were contacted to confirm whether the phone number and the email address were authentic.
Two of the influencers responded and confirmed that the mentioned email address and phone number were used to set up the account.
Not The First Time
This is not the first time something like this has happened with Instagram. In 2017, a software bug in the developer API allowed hackers to gain access to 6 million Instagram accounts. After the incident, Instagram labeled ‘crawling’ and ‘scraping’ illegal.
It is high time for social media platforms to do a thorough internal investigation to root out any other potential vulnerabilities.