Massive online database left MILLIONS of Instagram influencers’ personal information exposed
- A researcher found personal data of millions of influencers in a database online
- The information was available publicly and scraped from social media accounts
- Social media marketing company, Chtrbox appears to be behind the database
- Facebook, which owns Instagram, said it is currently reviewing the matter
A security researcher has discovered a massive online database that exposes the personal contact information of nearly 50 million influencers and brands.
According to a report from TechCrunch, researcher Anurag Sen discovered the database contained the personal contact information of ‘prominent food bloggers, celebrities and other social media influencers.’
Sen alerted the site to the list’s existence in an attempt to find its creator and get it secured, TechCrunch noted.
Millions of Instagram influencers and celebrities personal information was found in an online, and publicly available, database.
TechCrunch reports that the information in the database appears to have been scraped from publicly available social media accounts and was traced back to a social media marketing firm Chtrbox based in Mumbai, India.
Chtrbox, which pays influencers to post sponsored content onto their pages, also included information on what a post with each person listed in the database would cost, including their number of followers, likes, and reach.
In some cases, the influencers included in the database said they had never had any involvement with Chtrbox.
The company has since pulled the database offline and has not responded to any request for comment including those sent by Mail Online.
As noted by TechCrunch, the existence of the list mirrors a data breach dating back two years ago when Instagram acknowledged a flaw in its API that allowed hackers to obtain the personal information – including email addresses and phone numbers – of 6 million users.
That data also contained personal information of a swath of well-known celebrities including Kim Kardashian and Taylor Swift.
Hackers later sold that information to users of the dark web, offering inquiries into its database for $10 per search.
Facebook said it is reviewing the issue but Chtrbox has yet to respond publicly about the database.
Celebrities, influencers, and other social media personalities in the public eye have proven to be particularly vulnerable to ‘doxxing’ – when hackers find and publish private information – as well as other attacks on personal information, including an infamous iCloud hack in 2014.
The attack on celebrities’ iCloud exposed intimate personal photos of 240 celebrities and eventually lead to the arrest of four hackers. In 2018, the last of the four hackers involved in the attack was sentenced by a judge to serve 18 months in prison.
Facebook, which owns Instagram, told TechCrunch that it is reviewing the matter.
‘We’re looking into the issue to understand if the data described – including email and phone numbers – was from Instagram or from other sources,’ Facebook told TechCrunch in a statement.
‘We’re also inquiring with Chtrbox to understand where this data came from and how it became publicly available.’
HOW CAN YOU DOWNLOAD YOUR DATA FROM INSTAGRAM?
Instagram in April launched a ‘Data Download’ tool. It lets Instagram users download a copy of all the content they’ve uploaded on the platform.
That includes data such as photos, videos, Stories, profile info, comments and messages.
To access the Data Download feature, open the Instagram website on your desktop browser.
From there, navigate to your profile, then click on the gear icon and select ‘Privacy and Security’.
Scroll down the Privacy and Security page until you get to the ‘Data Download’ section and click on ‘Request Download’.
Until now, Instagram has lacked a data portability tool and users don’t have the option of saving their photos after they’ve already been posted to the app
Instagram them prompts you to enter an email address in order to access all your data.
The firm noted that it may take up to 48 hours for it to send a download link.
Until now, Instagram has lacked a data portability tool and users don’t have the option of saving their photos after they’ve already been posted to the app.
That’s despite Facebook introducing a similar feature, called the Download Your Information tool, in 2010.
Importantly, the tool lets users control the data they’ve uploaded to the platform, but not necessarily all the data Instagram has collected on them.
Thus far, users have been forced to use potentially unsecure or scammy third-party apps to download their data from Instagram, via apps like Instaport.