The leaked database was discovered on Shodan on May 14th.
A huge online database containing private contact information including phone numbers and email IDs of roughly 50 million Instagram profiles including those of influencers and brands has reportedly been discovered by security researcher Anurag Sen.
The affected individuals include famous food bloggers and celebrities too apart from social media influencers. This database, which belongs to Chtrbox reportedly contains 49 million records was hosted on AWS (Amazon Web Services) and got exposed because it wasn’t protected with a password.
Chtrbox is a Mumbai-based marketing firm that connects social media influencers to brands looking to market their products.
Every single record in the exposed database contains data belonging to social media influencers’ accounts and in some cases, even the account location is also mentioned. Each account has different worth depending on the number of followers, reachability, and engagement on the platform.
Zack Whittaker of TechCrunch contacted Chtrbox to inform about the exposed database, and it was eventually removed. It must be noted that Anurag claimed to discover the exposed database on Shodan on May 14th but in a statement issued by Chtrbox stated that the database was only exposed for 72 hours and contained no personal data.
Whittaker also tweeted on Chtrbox’s statement and called it “inaccurate.”
Actually, it was first detected on Shodan on May 14, so this isn't accurate at all. https://t.co/O4bfivcR9y
— Zack Whittaker (@zackwhittaker) May 21, 2019
On the other hand, the Instagram spokesperson stated that they are figuring out the issue in order to understand whether the data actually is of Instagram accounts or of other sources.
“We’re also inquiring with Chtrbox to understand where this data came from and how it became publicly available,” the spokesperson told TechCrunch.
Whittaker claims that the information in the database must have been scraped from various publicly available social media accounts as it also included data such as the cost of a particular post and number of likes, etc. Moreover, some of the influencers claim that they aren’t associated with Chtrbox.
Facebook, which owns Instagram, told TechCrunch that it is reviewing the matter. It is worth noting that Instagram doesn’t allow account scraping while Chtrbox claims that its client base boasts of over 184,000 Instagram influencers. This number is much less than the number of records found in the exposed database.
Previously, hackers were found compromising and holding several Instagram influencers accounts for ransom – In the other case, personal data of top celebrities on Instagram was stolen and traded online while several dark web marketplaces were also seen selling Instagram data of 6 million celebrities.