Social Networks

Database of 49 Million Instagram Influencers Leaked Online

Facebook is investigating a major data breach that leaked personal information of 49 million Instagram users, writes TechCrunch after it received and analyzed the data from security researcher Anurag Sen.

The unsecured database, hosted by Amazon Web Services, contained personally identifiable information such as email addresses and phone numbers, as well as user location, number of followers, profile picture and description, likes and shares. TechCrunch traced it back to a social media company based in India named Chtrbox.

What’s more, because Chtrbox helps companies grow their audience by connecting them with influencers for paid posts, many accounts leaked belong to famous influencers, brands, food bloggers and celebrities, TechCrunch writes.

Even though the company conducts its business in India, it held data of users from other countries, which could lead to issues with international data privacy regulations, such as GDPR in the case of EU residents.

In a public statement on its website, Chtrbox writes “the reports are inaccurate” because they never had more than 350,000 influencers.

“This particular database of limited influencers was inadvertently left unsecured for approximately 72 hours,” it further states. “As soon as we discovered the database vulnerability, we took immediate corrective action to secure the limited exposure.”

 “We’re looking into the issue to understand if the data described – including email and phone numbers – was from Instagram or from other sources,” reads a statement from Facebook. “We’re also inquiring with Chtrbox to understand where this data came from and how it became publicly available.”

About the author


From a young age, Luana knew she wanted to become a writer. After having addressed topics such as NFC, startups, and tech innovation, she has now shifted focus to internet security, with a keen interest in smart homes and IoT threats. Luana is a supporter of women in tech and has a passion for entrepreneurship, technology, and startup culture.


Click here to post a comment
  • Facebook and other companies should be held liable and accountable for security breaches.

    If in fact this does go without MASSIVE fines and changes, there will be no reason for any company to dedicate any amount of money to security and instead ask for forgiveness.

    This sort of thing happened with Equifax and it is absolutely wrong what happened there. No company should be let off the hook.

    • Totally agreed. If these biggies are always unpunished, nothing pushes them to invest more (or at least the reasonable) in protecting the security of their customers data.