Private data and personal information of more than 49 million members of social media platform Instagram were inadvertently left exposed. The large database included details of several celebrities, influencers, and brands. The company responsible for the exposure of sensitive personal information was Chtrbox, which offers a platform to run paid campaigns and sponsorships.
Chtrbox, a platform which connects Instagram influencers with high follower count to brands looking for organic promotion, had left a large database of its members exposed online. All the members have at least one Instagram account. The Facebook-owned image-driven social media platform is believed to be actively investigating the unintentional data breach.
The large database of 49 million Instagram users included several celebrities, influencers, and brands. The breach involved both personal and public information. Public information such as user bio, profile picture, location, number of followers, as well as personal or private information including mobile numbers, email ids, amounts transacted lay exposed on an Amazon Web Services or AWS server without a secure password. The entire database belonged to Mumbai-based influencer marketing agency Chtrbox.
A cybersecurity researcher first reported the data breach to TechCrunch. Interestingly, the exposed information allegedly contained details of “high-profile accounts of popular Indian celebs and bloggers.” As far as security is concerned, the data was not hacked. In other words, the security was not compromised. Hence it is quite likely that only a few data engineers who knew where to look knew about the same.
Taking cognizance of the same, Chtrbox has evidently pulled down the database from the AWS server. Speaking about the data breach, an Instagram spokesperson said, “We’re looking into the issue to understand if the data described – including email and phone numbers – was from Instagram or from other sources. We’re also inquiring with Chtrbox to understand where this data came from and how it became publicly available.”
Chtrbox has yet to officially issue any statement on the data breach. However, it appears the exposure was not intentional. Chtrbox works with influencers from other social media platforms that have a large follower count. The company’s primary source of revenue is through connecting powerful social media influencers to brands looking for paid or sponsored promotion. Official figures claim the platform has more than 180,000 users.
Chtrbox apparently counts TikTok, the viral video-sharing app as one of its partners. According to the company, “it helps influencers earn campaigns and sponsorships from the best of brands and agencies.”