If you’re a company that wants to work with social media influencers, you probably would be very careful about your database and you would also want to protect the personal data of the people that you want to work with you and your clients. But apparently a social media marketing firm in India didn’t get that memo and a massive database that has millions of Instagram influencers’ information has been floating around the Internet and anyone who knows where to look could have accessed it.
TechCrunch reports that security researcher Anurag Sen contacted them when he discovered that a database hosted on Amazon Web Services had the information about the Instagram accounts of millions of celebrities, influencers, and even brand accounts. Anyone could access it at that time and upon verification with some of those listed, they are indeed the correct information about these accounts.
Some of the data was scraped from the Instagram accounts, like bio, profile picture, number of followers, verification status, etc. But what makes it dangerous is that there was also their private contact information like email address and phone number as well as their city and country location. The contact info was what they probably used when they signed up for their account, so there is some internal leak going on there as well.
The database was traced back to a Mumbai-based social media marketing firm called Chtrbox and their main business is to pay influencers to post sponsored content on their Instagram accounts. The database also had records of how they calculated the worth of each account so as to determine how much they need to pay specific influencers to post ads of their clients.
After TechCrunch contacted Chtrbox about this issue, the database became offline but they didn’t respond to any request for interview or even just an official statement. If you remember, two years ago, Instagram admitted to having a security bug that let hackers get the email address and phone numbers of around six million users. Some of the data from that probably ended up in the Chtrbox database as well.