The news was first reported by the TechCrunch website, a database was left unprotected on an AWS bucket, anyone was able to access it without authentication.
The unprotected database was discovered by the security researcher Anurag Sen that immediately reported its discovery to TechCrunch in an effort to find the owner.
“At the time of writing, the database had over 49 million records — but was growing by the hour.”
The database contained public data scraped from influencer Instagram accounts, including their bio, profile picture, the number of followers, have, if they’re verified, their location by city and country, private contact information, the email address and phone number of the Instagram account owner.
Each record in the database also contained a field that calculated the worth of each account.
The list of influencers in the archive includes prominent food bloggers, celebrities and other social media influencers.
According to TechCrunch, the database belongs to India-based social media marketing firm Chtrbox, which pays
Strangely two people contacted by TechCrucnh that confirmed the authenticity of the data in the archive denied any involvement with Chtrbox.
“We contacted several people at random whose information was found in the database and provided them their phone numbers. Two of the people responded and confirmed their email address and phone number found in the database was used to set up their Instagram accounts.” continues the website. “Neither had any involvement with Chtrbox, they said.”
TechCrunch contacted Chtrbox that secured the database, but it is not clear how the company obtained those data.
Facebook, that currently owns Instagram, announced it is investigating the incident.
“We’re looking into the issue to understand if the data described – including email and phone numbers – was from Instagram or from other sources,” reads a statement from Facebook. “We’re also inquiring with Chtrbox to understand where this data came from and how it became publicly available,”