Instagram influencer data taken offline after exposure
Instagram influencers make their lives public. Now an exposed database appears to have added to the information available about them.
Account data for 49 million Instagram users, including influencers and brand accounts, was exposed online, according to a report by TechCrunch. The records, which an independent researcher found had been publicly viewable since at least May 14, included public data that seemed to be scraped from Instagram users’ profiles, as well as private data like phone numbers and email addresses.
The database belonged to Chtrbox, an Indian marketing company that links influencers to brands that want to advertise their wares.
Independent cybersecurity researcher Anurag Sen found the data on the Shodan search engine, which indexes internet connected devices and servers. Sen said the database is no longer visible to the public. It’s one more exposure of an inadequately secured cloud database — a problem that’s grown bigger as more and more companies put sensitive data on cloud servers without the expertise needed to lock the data down.search for exposed databases and try to get companies to secure them, such as a cache of demographic information on removed in April.
Chtrbox said in a statement that the database was exposed for 72 hours, and the data wasn’t private. “This database did not include any sensitive personal data and only contained information available from the public domain, or self reported by influencers,” the company said.
The data is for internal use only, and isn’t sold, Chtrbox said in its statement, adding that the data doesn’t come from hackers or data breaches. The company didn’t respond to a follow-up question on whether it scrapes public data from Instagram accounts, a practice Instagram prohibits in its terms of service.
Instagram said it is investigating the incident.
“We’re looking into the issue to understand if the data described — including email and phone numbers — was from Instagram or from other sources,” an Instagram spokeswoman said in a statement. “We’re also inquiring with Chtrbox to understand where this data came from and how it became publicly available.”
The Chtrbox website says it has more than 184,000 Instagram influencers as clients, which is far fewer than the millions of records reportedly found on the database.
It’s not the first time Instagram accounts have leaked information on high-profile users. In 2017, hackers took advantage of a software bug in the photo sharing app to find phone numbers and contact information for celebrity users.
Mark Risher, head of account security at Google, said celebrity Instagram users might be at risk if hackers got their hands on their private email addresses. He recommended Gmail users check their security settings through the Google Security Checkup and also set up extra login protections including prompts and the.
“Given the high-profile nature of some of these accounts, attackers may try to break into the email accounts as a means to impersonate the legitimate account holder,” Risher said.