Instagram data privacy enabled location tracking of millions of users

Instagram

Instagram allowed a trusted advertising partner to harvest huge swathes of user data to create detailed files on account holders’ physical locations and personal bios, news reports reveal.

According to Business Insider, the information was put together by Hyp3r, in contradiction of Instagram rules and without the popular photo-imagery app’s knowledge.

This week, Facebook-owned Instagram instructed Hyp3r to stop the practice, confirming that it was in violation of data privacy rules. In a statement, a spokesperson for Instagram said:

“HYP3R’s actions were not sanctioned and violate our policies. As a result, we’ve removed them from our platform. We’ve also made a product change that should help prevent other companies from scraping public location pages in this way.”

The news will come as another shockwave following the Facebook Cambridge Analytica data quake that continues to rock consumer privacy. Recently released on Netflix, The Great Hack, exposes how Cambridge Analytica harvested the personal details of up to 83 billion individuals to fuel political ad campaigning in the run-up to the 2016 presidential elections.

Facebook-owned Instagram is run as a separate business, and has been relatively unaffected by the storms of global criticism its parent company has endured since the Cambridge Analytica scandal broke in March of last year.

Distance between the two entities will shrink fast as the world learns that Instagram is a chip off the old block when it comes to safeguarding user privacy.

Although the scale of the data harvested by Hyb3r has not yet been precisely quantified, the company has said it has “a unique dataset of hundreds of millions of the highest value consumers in the world,” with rumours suggesting that 90% of its information comes from Instagram.

As reported by Business Insider, a former Hyp3r worker said:

“For [Instagram] to leave these endpoints open and let people get to this in a back-channel sort of way, I thought was kind of hypocritical. It takes very little effort for Instagram to protect the location data accessed by Hyp3r. Why they haven’t done it remains a mystery.”

The firm’s CEO, Carlos Garcia, said:

“HYP3R is, and has always been, a company that enables authentic, delightful marketing that is compliant with consumer privacy regulations and social network Terms of Services. We do not view any content or information that cannot be accessed publicly by everyone online.”


PrivSec Conferences will bring together leading speakers and experts from privacy and security to deliver compelling content via solo presentations, panel discussions, debates, roundtables and workshops.

For more information on upcoming events, visit the website.

We have been awarded the number 1 GDPR Blog in 2019 by Feedspot.

Privacy Culture: Data Privacy and Information Security Consulting, Culture & Behaviour, Training, and GDPR maturity, covered. https://www.privacyculture.com/