The photo-sharing platform is questioning how the contact details of nearly 50 million of its users came to be stored on an unprotected web database.
According to TechCrunch, which ran the story first, the personal and private data of high profile social media “influencers” were among the information compromised. The data included records such as names, email addresses and phone numbers.
Speaking to the BBC, Facebook-owned Instagram said it is now looking into the matter and trying to discover where the data came from. The database itself has been tracked back to a company named Chtrbox which is headquartered in Mumbai.
The database was held on an Amazon server which had no password protection, leaving it unguarded. The situation was passed on to TechCrunch by a researcher working at the facility.
In a statement, Instagram said:
“We’re looking into the issue to understand if the data described – including email and phone numbers – was from Instagram or from other sources.
“We’re also inquiring with Chtrbox to understand where this data came from and how it became publicly available.”
In the initial TechCrunch report, it was revealed that the information put at risk also included of many account holders.
The database has now been taken offline. Chtrbox are yet to make an official response to the situation.
PrivSec Conferences will bring together leading speakers and experts from privacy and security to deliver compelling content via solo presentations, panel discussions, debates, roundtables and workshops.
For more information on upcoming events, visit the website.
We have been awarded the number 1 GDPR Blog in 2019 by Feedspot.
Privacy Culture: Data Privacy and Information Security Consulting, Culture & Behaviour, Training, and GDPR maturity, covered. https://www.privacyculture.com/