© CNET A phone displaying the Instagram logo rests on the keyboard of a laptop. |
By Laura Hautala, CNET
Instagram influencers make their lives public. Now, an exposed database appears to have added to the information available about them.
Account data for 49 million Instagram users, including influencers and brand accounts, was exposed online, according to a report by TechCrunch. The records included public data that seemed to be scraped from Instagram users' profiles, as well as private data like phone numbers and email addresses.
According to the report, the database belonged to Chtrbox, an Indian marketing company that links influencers to brands that want to advertise their wares. Chtrbox didn't respond to a request for comment.
"We're looking into the issue to understand if the data described -- including email and phone numbers -- was from Instagram or from other sources," an Instagram spokeswoman said in a statement. "We're also inquiring with Chtrbox to understand where this data came from and how it became publicly available."
Instagram prohibits scraping accounts in its terms of service. The Chtrbox website says it has more than 184,000 Instagram influencers as clients, which is far fewer than the millions of records reportedly found on the database.
It's not the first time Instagram accounts have leaked information on high-profile users. In 2017, hackers took advantage of a software bug in the photo sharing app to find phone numbers and contact information for celebrity users.
Independent cybersecurity researcher Anurag Sen found the data, according to TechCrunch, which also said the database is no longer visible to the public. It's one more exposure of an inadequately secured cloud database -- a problem that's grown bigger as more and more companies put sensitive data on cloud servers without the expertise needed to lock the data down. Researchers around the world search for exposed databases and try to get companies to secure them, like a cache of demographic information on 80 million US households removed in April.
Mark Risher, head of account security at Google, said celebrity Instagram users might be at risk if hackers got their hands on their private email addresses. He recommended Gmail users check their security settings through the Google Security Checkup and also set up extra login protections including prompts and the Advance Protection Program.
"Given the high-profile nature of some of these accounts, attackers may try to break into the email accounts as a means to impersonate the legitimate account holder," Risher said.