The internet is not a safe place, millions of users’ personal details from Instagram were stored in an unprotected database based in Mumbai, India.
Popular photo-sharing site Instagram says it is trying to find out how the contact details of almost 50 million of its users were stored online in an unguarded database.
According to BBC, Tech website TechCrunch, broke the story, saying that it included personal information such as email and phone numbers of high profile users known as “influencers”.
The database has been traced to a Mumbai-based company called Chtrbox. Instagram, which is owned by Facebook which has had a series of data breaches and outages, told the BBC it was trying to find out where the data had come from.
“We’re looking into the issue to understand if the data described including email and phone numbers were from Instagram or from other sources. We’re also inquiring with Chtrbox to understand where this data came from and how it became publicly available,” it said in a statement.
The TechCrunch report said the data also included information such as the location of users. The database itself was stored on an Amazon server and was not protected with a password. An Indian researcher who allegedly discovered it had alerted TechCrunch to it.
Chtrbox, which is a marketing company, has not yet responded to a BBC request for comment, although it has taken the database offline.
Gathering – or scraping – information from Instagram accounts violates the policies of the social media site.
As reported by The Sauce in April 2019, Facebook admitted that it collected up to 1.5 million users’ email contacts without their consent, in the latest privacy issue to hit the giant tech firm. The world’s biggest social network said that the email contact lists had been “unintentionally” uploaded to Facebook following a design change almost two years ago, and the company was in the process of deleting them.