Data from at least 49 million Instagram accounts, including phone numbers and email addresses, was exposed on the internet for more than 72 hours from May 14, TechCrunch reported.
TechCrunch traced the leaked database to the Mumbai-based social media marketing firm Chtrbox, which links influencers to brands that want to advertise their products. After an alert from the technology news publisher, Chtrbox secured the database.
However, Chtrbox has denied the allegations of a data breach, calling them “inaccurate”. In a statement, Chtrbox said: “This particular database of limited influencers was inadvertently left unsecured for approximately 72 hours. As soon as we discovered the database vulnerability, we took immediate corrective action to secure the limited exposure.”
Chtrbox didn’t respond to our query on how the data was left “unsecured”.
According to TechCrunch’s review of the leaked database of 49 million records, conducted while the database was still publicly available on the internet, each record contained “public data scraped from influencer Instagram accounts, including their bio, profile picture, the number of followers they have, if they're verified and their location by city and country, but also contained their private contact information, such as the Instagram account owner's email address and phone number”.
When TechCrunch contacted several people at random from the leaked database, two confirmed that the email IDs and phone numbers listed were the ones they had used to set up their Instagram accounts.
Reportedly, sister companies Facebook and Instagram are probing what went wrong. “It is not clear whether the phone numbers and emails in Chtrbox’s database came from Instagram. Regardless, the possibility of third parties mishandling user data is something we take seriously, which is why we’re quickly working to understand what happened,” Economic Times quoted an Instagram spokesperson as saying.
Chtrbox, on its website, says that it has over 1,84,000 influencers.
Reportedly, independent cybersecurity researcher Anurag Sen found the “database on the Shodan search engine, which indexes internet connected devices and servers”. Sen told CNET that this data breach is “one more exposure of an inadequately secured cloud database – a problem that's grown bigger as more and more companies put sensitive data on cloud servers without the expertise needed to lock the data down”.