Affiliate Disclosure
If you buy through our links, we may get a commission. Read our ethics policy.

Unsecured database exposed private information of millions of Instagram influencers

Last updated

An unsecured database thought to be owned by a Mumbai-based social media marketing firm exposed the personal information of millions of Instagram influencers, including those not affiliated with the company.

Discovered by security researcher Anurag Sen, the insecure database was hosted by Amazon Web Services without a password, allowing anyone with knowledge of its location to view private details attached to at least 49 million records, reports TechCrunch.

An investigation by the publication led back to Chtrbox, a social media marketing firm that seeks out and pays popular Instagram users for sponsored posts. The company has since removed the database that included a comprehensive list of influencers and their respective bio, location, follower count and in some cases telephone number and email address details.

The database appears to be legitimate, as the publication successfully contacted a number of account holders on the list.

Chtrbox, like other marketers in the field, uses the gathered particulars and other metrics to calculate account value, which in turn dictates prices paid for sponsored posts. How it obtained private account information is unclear, though it seems the company was indeed able to scrape data from the social networking service. Two unnamed users confirmed their phone numbers and email addresses, but noted no affiliation with the marketing firm.

It is unknown how long the records remained online before Sen's discovery.

"We're looking into the issue to understand if the data described - including email and phone numbers - was from Instagram or from other sources," Instagram owner Facebook said in a statement. "We're also inquiring with Chtrbox to understand where this data came from and how it became publicly available."

Instagram faced a similar issue in 2017 when hackers exploited a bug in the platform's developer API to obtain the phone numbers and email addresses of high-profile account holders.



11 Comments

chasm 10 Years · 3624 comments

The problem here is that nobody goes to jail, nor does the company face scads of civil lawsuits and massive fines for this behaviour ... which assures that it will continue.

robin huber 22 Years · 4026 comments

Since I find that “influencers” are pimps for mindless consumerism, having their privacy violated is fine with me. They need to get productive jobs. 

lkrupp 19 Years · 10521 comments

Who cares anymore? I mean really, who cares? By now we should all know that if you are on any social media your life story is an open book. And anything you post on social media can come back and bite you in the ass at any time. Your name, your email, maybe even your home address is out there, somewhere, for the picking.

apple ][ 13 Years · 9225 comments

Good, I’ve always thought that an “influencer” was a really dumb thing to be. I’ve certainly never been influenced by any influencer, quite the opposite.

And anybody who is still on Facebook or any of their other companies can’t really complain about whatever happens and will continue to happen in the future.