[ad_1]
A massive database containing millions of Instagram contact information influencers, celebrities and brand accounts were found online.
The database, hosted by Amazon Web Services, was left exposed and without a password allowing anyone to look inside. At the time of writing, the database had more than 49 million records, but it grew every hour.
After a brief review of the data, each record contained public data extracted from influencers' Instagram accounts, including their biography, their profile picture, the number of their subscribers, if they are verified and their location by city and country, information private contact, such as the e-mail address and phone number of the owner of the Instagram account.
Security researcher Anurag Sen discovered the database and alerted TechCrunch to find the owner and secure the database. We traced the database back to Mumbai-based social media marketing company Chtrbox, which pays influencers for publishing sponsored content on their accounts. Each record in the database contained a record that calculated the value of each account, based on the number of followers, commitment, scope, likes, and sharing that they had . This indicator was used to determine the amount that the company could pay to an Instagram celebrity or influencer for publishing an ad.
TechCrunch has found several prominent influencers in the database exposed, including prominent food bloggers, celebrities and other social media influencers.
We randomly contacted several people whose information was found in the database and provided them with their phone numbers. Two of the people responded and confirmed that their email address and phone number in the database had been used to set up their Instagram accounts. Neither one nor the other had any involvement with Chtrbox, they said.
Shortly after our arrival, Chtrbox put the database offline. Pranay Swarup, founder and CEO of the company, did not respond to a request for comment or to several questions, including how the company obtained the email addresses and phone numbers of private Instagram accounts.
This effort comes two years after Instagram acknowledged that a security bug in its developer API allowed hackers to obtain e-mail addresses and phone numbers from six million Instagram accounts. The hackers subsequently sold the data for Bitcoin.
A few months later, Instagram, which now has more than a billion users, has stifled its API to limit the number of queries that applications and developers can make on the platform.
Facebook, which has Instagram, said it was reviewing the issue. "It is forbidden to delete data of any kind on Instagram," said a spokesman. "We are looking for how and what data was obtained and will share an update soon."
[ad_2]
Source link