A Data Breach Exposed Millions of Instagram Influencers’ Private Contact Information

What Happened?

A database, hosted by Amazon Web Services, contained over 49 million public records of contact information for celebrities, influencers, and brand accounts.

According to TechCrunch, the records contained both public information scraped from Instagram accounts, and private information including email addresses and phone numbers.

Who Is Responsible?

TechCrunch was able to trace the database back to Chtrbox, a social media marketing firm that pays influencers to post sponsored content. 

TechCrunch confirmed with several exposed users that the contact information on the database was originally used to set up their Instagram accounts and that they had never been in contact with Chtrbox.

Chtrbox removed the database after TechCrunch contacted them; however, they did not respond with any comments. 

What Now?

Facebook, which owns Instagram, is looking into the matter and investigating the security concerns.

In a statement, Facebook said, “We’re looking into the issue to understand if the data described – including email and phone numbers – was from Instagram or from other sources.”

Facebook added, “We’re also inquiring with Chtrbox to understand where this data came from and how it became publicly available.”

This incident comes two years after the Instagram security bug that allowed hackers to gather the private contact information of six million Instagram accounts.