Update (24 May): This article now includes updated comments from Instagram and Chttrbox
A trove of Instagram user information, including high-profile influencers, have been found stored online in an unguarded database.
TechCrunch that emails and phone numbers of users were exposed and that the database was linked to Chtrbox, a Mumbai-based marketing company.
Instagram said private numbers and emails were not 'scraped' from the platform's API and that they would have come other sources. Publicly available information, such as a user's 'likes' can be scraped, such as their name, bio and number of followers.
The database reportedly contained more than 49 million records and was reportedly stored on an Amazon server that was not protected with a password. Chtrbox has disputed the number of people affected and claimed no more than 350,000 influencers were affected. It also said the database was only open for 72 hours.
As well as private information, the records had included data about the users, such as their Instagram biographies, the number of followers they have and their location by city and country. This information is used by brands to determine how much they could pay an Instagram celebrity or influencer to carry out a sponsored post.
Scraping private information is a violation of the terms and conditions set out by Instagram, which is owned by Facebook. However, there are many online Instagram-scraper tools that are promoted throughout the internet and easily findable with a search engine.
An Instagram spokeswoman said: "We take any allegation of data misuse seriously. Following an initial investigation into the claims made in this story, we found that no private emails or phone numbers of Instagram users were accessed. Chtrbox's database had publicly available information from many sources, one of which was Instagram."
Post-Influencer Culture: read our special report on what the future holds for influencer marketing
.jpg)
.jpeg)
