49 Million Instagram Users’ Private Data Exposed

The private emails, phone numbers and contact info for more than 49 million Instagram Influencers were uncovered in an unprotected, unencrypted database hosted on Amazon Web Services. The Influencers, the social media term for accounts with many followers, include celebrities and international brands.

A New Week, A New Facebook Data Breach

Just last week we stated that the frequency of data breaches by Facebook and its subsidiary companies like Instagram is becoming so commonplace that it’s demonstrating a pattern: willful inattention to the security needs of its users, neglect, or worse. Now we see yet another massive data breach exposing the personal information of tens of millions of Instagram users. What’s worse, these are not just random users, but the kinds of celebrities, popular individuals, and corporations whose identities have particular value to others or who might attract stalkers or those who might seek to defame or blackmail them.

On Monday, TechCrunch revealed that a researcher named Anurag Sen had discovered an online database on Amazon’s AWS-hosted cloud service with the names and phone numbers of 49 million Instagram Influencers. The term Influencer refers to the large following these individuals or brands have and their ability to attract and sway public opinion. Think of a film star or the movie studio she works for.

The database did not have any password protection and the data itself was not encrypted, allowing anyone to access it and, once they had accessed it, to read and download the data in full. TechCrunch and Sen were able to trace ownership of the database to Chtrbox, a Mumbai, India-based social media marketing company. Chtrbox is just one of many companies that pay Influencers to promote other products and brands by talking about them in their Instagram posts. The database included proprietary Chtrbox information, including calculations of how much each Influencer was “worth” in terms of their number of followers and other key metrics related to improving sales.

Facebook Investigating Exposed Private Information

Armed with what appeared to be the private information of several million celebrities, TechCrunch reached out to several of them to verify whether this information was correct, and several confirmed that it was. Disturbingly, several indicated that they had no prior interaction with Chtrbox and did not know how the Indian company had obtained their personal contact information. Chtrbox removed the database from AWS and has not responded to media requests for comment.

Facebook has had well-publicized experience with companies like Cambridge Analytica using web-scraping techniques to cull tens of millions of Facebook users’ account data for its political campaign research. Facebook is looking into whether similar techniques were used by Chtrbox to inappropriately harvest the email and phone number data from the millions of Instagram Influencers’ accounts without their knowledge.

So, what should you do?

As we have said before, Facebook has almost weekly data breaches of its main application and its various properties. Even its encrypted messaging application WhatsApp has proven vulnerable to serious hackers. The truth is that all apps, and especially all social media, expose the user to significant risk. The apps risk acting as an open door to any device they are installed on, allowing a third party to spy on or gain unfettered access to that device and its data. The social media tools expose all the activity and data you provide to them to the hackers who gain access to their databases.

Next Steps

At MyProfyle, we believe this threat is further proof that everyone’s information is at risk from many different sources and that we are all exposed multiple times per year. The solution to identity fraud is not to try to lock your identity or seek unobtainable privacy but to control your identity – not just your credit – by putting yourself in the position to know of, approve or decline activity conducted in your name. That’s MyProfyle Free For Life™ Identity Protection.



Interesting Engineering
