Facebook is investigating a major data breach that leaked personal information of 49 million Instagram users, writes TechCrunch after it received and analyzed the data from security researcher Anurag Sen.
The unsecured database, hosted by Amazon Web Services, contained personally identifiable information such as email addresses and phone numbers, as well as user location, number of followers, profile picture and description, likes and shares. TechCrunch traced it back to a social media company based in India named Chtrbox.
What’s more, because Chtrbox helps companies grow their audience by connecting them with influencers for paid posts, many accounts leaked belong to famous influencers, brands, food bloggers and celebrities, TechCrunch writes.
Even though the company conducts its business in India, it held data of users from other countries, which could lead to issues with international data privacy regulations, such as GDPR in the case of EU residents.
In a public statement on its website, Chtrbox writes “the reports are inaccurate” because they never had more than 350,000 influencers.
“This particular database of limited influencers was inadvertently left unsecured for approximately 72 hours,” it further states. “As soon as we discovered the database vulnerability, we took immediate corrective action to secure the limited exposure.”
“We’re looking into the issue to understand if the data described – including email and phone numbers – was from Instagram or from other sources,” reads a statement from Facebook. “We’re also inquiring with Chtrbox to understand where this data came from and how it became publicly available.”