Instagram data stored insecurely

Instagram is investigating how contact details of almost 50 million of its users were stored online in an unsecure database.

Security researcher Anurag Sen discovered the database and alerted online publication TechCrunch in an effort to find the owner and get the database secured.

The database, hosted by a third party in the cloud, was left exposed without a password. It contained information scraped from millions of Instagram influencers, celebrities and brand accounts. This included private contact information, and public data such as profile pictures and bios. The database also contained an estimate of the financial value of each account, based off the number of followers, engagement, reach, likes and shares they had.

It has been traced back to Mumbai-based social media marketing firm Chtrbox.

The database has now been taken offline. Facebook, which owns Instagram, has said: “We’re looking into the issue to understand if the data described – including email and phone numbers – was from Instagram or from other sources. We’re also inquiring with Chtrbox to understand where this data came from and how it became publicly available.”