Instagram has accidentally leaked millions of its users personal details.
A huge database containing the details of its users was found online, where anyone could access it.
What information was leaked?
Having been reviewed by TechCrunch, the database appeared to contain already publicly available information, such as bio, profile picture, number of followers, verification status and location of Instagram users.
However, the database was found to also expose details that should have been kept private, such as the email address associated with the account and the user’s phone number.
The breach was discovered by security researcher Anurag Sen, who then alerted TechCrunch. The database was traced back to a social media marketing firm Chtrbox, based in Mumbai.
Who was targeted?
People affected by the leak were those with a large following, or those who posted paid for advertorial content, so primarily bloggers, influencers and celebrity accounts. This is because Chtrbox is a company that pays influencers for posting sponsored content on their accounts.
TechCrunch found that the database contained calculations that figured out the worth of each account. The database took into account factors like the number of followers each account had, their rate of engagement, the number of likes and shares they brought in as well.
TechCrunch said, “This was used as a metric to determine how much the company could pay an Instagram celebrity or influencer to post an ad.”
What did Chtrbox say?
In reference to the leak, Chtrbox said, “Claims that Chtrbox is responsible for leaking information of millions are downright impossible and false.”
They say: “In the three plus years of operations, we have never had data of over 350,000 influencers.”
However they do confirm that a leak did occur.
“This particular database of limited influencers was inadvertently left unsecured for approximately 72 hours,” Chtrbox said.
“As soon as we discovered the database vulnerability, we took immediate corrective action to secure the limited exposure.”
This article originally appeared on our sister site Edinburgh Evening News