A massive database which contained all the contact information of all the millions of Instagram celebrities, influencers and brand accounts has been found online. This database is hosted by a company called Amazon Web Services was available online in the exposed state without any kind of password. This is the reason why people can look at what was there inside the document. When this was written, there were about 49 million records available and it was growing as time went by.
In the data, there was record available on all the public Instagram influencers and Instagram accounts which included the bio, profile picture and then the number of followers they have along with their location and whether they are verified on Instagram or not. The sheet also contained some private contact information like the email address of the Instagram account and the phone number of the person.
Anurag Sen was the Security researcher who ended up discovering the database and alerted TechCrunch so that the owner of the file can be tracked down. The owner of the file was tracked back to a social media marketing firm from Mumbai called Chtrbox. The main work of the agency is to pay influencers to do paid promotions of different brands and services. Each of the accounts which are mentioned in the list also had a detailed calculation on its worth depending on the reach, engagement, likes, shares, and number of followers.
In this exposed database a lot of high profile influencers were exposed which included celebrities, social media influencers, food bloggers and many more.
The people who had their names in the database were contacted and the email id and phone number checked out for all. The influencers also confirmed that they do not have any kind of contact with the company Chtrbox.
After the people started reaching out to Chtrbox the company ended up pulling back the database. The Chief executing officer of the company Pranay Swarup did not respond to request for comment so it is not sure how the company can get a hold of all the private Instagram email addresses and phone numbers.
The scrapping effort was basically two years after Instagram ended up admitting that because of their security bug in the API hackers can obtain all the email addresses and phone numbers of the users. This data was later stolen by hackers from bitcoin.
Instagram now with almost close to a billion users ended up choking the API so that they can limit the number of request application and developers can simply make the platform.
Facebook which is the owner of the application Instagram ended up commenting on the whole situation by saying:
“We’re looking into the issue to understand if the data described – including email and phone numbers – was from Instagram or from other sources. We’re also inquiring with Chtrbox to understand where this data came from and how it became publicly available.”