Instagram has accidentally leaked the private information of 49 million of its users including major influencers and bloggers.
A huge database containing details about celebrities, influencers and brand accounts was recently discovered online and anyone could access it.
How was the leak discovered?
Security researcher Anurag Sen discovered the database and alerted TechCrunch in the hope that some action would be taken to make all this information secure.
It was easily discovered because it was hosted by Amazon Web Services and did not require a password before viewing.
When it was first discovered it contained the information of around 49 million Instagram users but that number was growing by the hour.
TechCrunch traced the database back to Mumbai-based social media marketing firm Chtrbox, which has now taken the database offline.
Who has been affected by the Instagram leak?
Chtrbox is a company that pays influencers to post sponsored content on their Instagram accounts.
The database appears to have been made my Chtrbox to work out how much it should pay an influencer based on the number of followers, engagement, reach, likes and shares they have.
Because of this, it’s thought that only people with a substantial amount of followers and those who post sponsored content could have been affected, including prominent food bloggers and celebrities.
What kind of information was leaked?
The database contained public data taken from influencer Instagram accounts, including their bio, profile picture and their number of followers.
In addition to this, it revealed their location and private contact information including email addresses and phone numbers.
Some of the celebrities in the database confirmed that their information had been leaked despite them never having any contact with Chtrbox.
Has Instagram commented on the situation?
Facebook, which owns Instagram, released a statement which read: “We’re looking into the issue to understand if the data described – including email and phone numbers – was from Instagram or from other sources.”
“We’re also inquiring with Chtrbox to understand where this data came from and how it became publicly available.”
A Facebook spokesperson has since told us: “We are investigating whether a third party improperly stored Instagram data, in violation of our policies.”
“It’s also not clear whether the phone numbers and emails in Chtrbox’s database came from Instagram.”
“Regardless, the possibility of third parties mishandling user data is something we take seriously, which is why we’re quickly working to understand what happened.”
Martin Jartelius, CSO of cyber assessment company Outpost24 said: “The latest incident affecting Instagram seems to be a supply chain security issue, where one of the social media platform’s suppliers failed to apply security to a database of Instagram accounts.
“However, even though the incident didn’t happen within Instagram’s own network, it doesn’t make the company any less responsible.”
“When an organization needs to outsource or run a partnership with a third-party, it’s their responsibility to ensure it does not put their customer data at risk. They must understand how the data will be held and ensure the third-party’s security standards are equal to their own.”
“In this case, it seems that Instagram failed to do this and, as a result, have put their customers’ data at risk.”
Credit: Source link