Huge amount of Instagram records has been exposed by Anurag sen a security researcher. Instagram was so far clueless on how this unsecured profile ended up online. The Instagram data included user bios, profile pictures, followers’ numbers and location. This information is viewable online. According to online tech publishing firm, which incidentally, broke the story. It was believed to be perpetrated by a 19-yr. old from Nova Scotia,
The database, hosted by Amazon Web Services, was left exposed and without a password allowing anyone to look inside. the database had over 49 million records — but was growing by the hour. From a brief review of the data, each record contained public data scraped from influencer Instagram records account, including their bio, profile picture, the number of followers they have, if they’re verified and their location by city and country, but also contained their personal contact information, such as the Instagram account owner’s email address and phone number.
Chtrbox pulled the database offline shortly after they found about the incident. Pranay Swarup, the company’s founder and chief executive, did not respond to a request for comment and several questions, including how the company obtained personal Instagram account, later in a tweet, Chtrbox disputed the number of people involved and claimed no more than 350,000 influencers were affected. Chtrbox also said database was only open for 72 hours, but the researcher confirmed the database was first detected on Shodan, a search engine for exposed databases and devices, on May 14.
This is not the first time something like this has happened with Instagram. In 2017, a software bug allowed in the developer API allowed hackers to gain access to 6 million Instagram accounts. After the incident, Instagram labeled ‘crawling’ and ‘scraping’ illegal. It is high time for social media platforms to do a thorough internal investigation to root out any other potential vulnerabilities.
Facebook contested the report, citing“We take any allegation of data misuse seriously. Following an initial investigation into the claims made in this story, we found that no private emails or phone numbers of Instagram users were accessed,” said an Instagram spokesperson. “Chtrbox’s database had publicly available information from many sources, one of which was Instagram.
Data breach such as this has left users more vulnerable to targeted phishing attacks and could deepen unease about posting to a service whose privacy, moderation and security practices have been called into questioned.