Millions of Instagram influencers leaked contact information


by Luke van Zyl

A database containing millions of influential influencers for Instagram, including official celebrity accounts and corporate accounts, was hosted on Amazon Web Services (AWS) with no password set. It is clear. At the time of writing, more than 49 million personal information items are stored in the database, but the number is increasing.

Millions of Instagram influencers had their private contact data scraped and exposed | TechCrunch
https://techcrunch.com/2019/05/20/instagram-influencer-celebrity-accounts-scraped/


Security researcher Anurag Sen found a database that contained a lot of personal information about Instagram influencers. The database he discovered was not assigned a password, so he could download the data freely if it was successfully accessed. The situation became clear when Sen provided information to the news site TechCrunch.

Mr. Sen checked the information stored in the database and found out the user's email address and phone number, as well as the information that can be obtained from his Instagram account such as Instagram user's history, profile picture, number of followers and location information. It seems that contact information was also included.

TechCrunch's research on the database shows that Chtrbox, a social media marketing company based in Mumbai, has emerged. Chtrbox is said to be a marketing company that advertises the influencers of Instagram with the products of the sponsor company in their own account. TechCrunch notes that the information stored in the database included information that calculated the value of the account based on the number of followers of each influencer, engagement rate, reach rate, number of favorites for posts and number of shares. You are The information seems to have been used as an indicator by Chtrbox to decide how much money to pay for an ad to be posted to an Instagram influencer.

by Gian Cescon

TechCrunch wrote 'The names of some notable influencers from published databases. Notable food bloggers, celebrities, and even influencers on other social media,' noted the database. It pointed out that the name of the influencer was included in it.

In addition, he randomly contacted several people using the contact information stored in the database to confirm that the phone numbers stored in the database were correct. Two of the users contacted us, and it has been confirmed that the phone numbers and email addresses stored in the database are the same as the ones entered at the time of Instagram account creation. In addition, the influencers who were contacted had neither experience working with Chtrbox.

After TechCrunch contacted Chtrbox, the database stored on AWS seems to be offline immediately. TechCrunch has inquired 'How do I get a phone number or email address for my Instagram account?' But at the time of writing this article I have not received a response.

Chtrbox
https://www.chtrbox.com/


Instagram has experienced theft of the user's contact information from API flaws in 2017, and it is clear that over 6 million contact information stolen on the Dark Web has been sold since then It has become

More than 6 million contacts stolen from Instagram are sold for $ 10 per item-GIGAZINE


It is unclear whether the contact information stored in the Chtrbox database is the source of what was sold on the Dark Web in 2017, but the parent company of Instagram “Facebook“ (Chtrbox database ) Are under investigation to understand if the data described (including email address and phone number) comes from Instagram or from other sources, and where we come from We are asking Chtrbox to understand what it is and how it became publicly available. '

in Web Service,   Security, Posted by logu_ii