Instagram investigates user data mishandling issue
News website TechCrunch was the first to report Monday that the database of users on Facebook’s photo-sharing platform, hosted by Amazon Web Services, was found online by a security researcher, left exposed and without a password. It had over 49 million records of Instagram users and was traced back to Chtrbox, the website had stated.
Instagram celebrities, influencers and marketers in India said they have not heard from the company on the matter. India has an estimated 64 million Instagram users, as per Statista.
Instagram, responding to ET’s queries, said it is investigating whether a third party improperly stored Instagram data in violation of its policies.
“It is not clear whether the phone numbers and emails in Chtrbox’s database came from Instagram. Regardless, the possibility of third parties mishandling user data is something we take seriously, which is why we’re quickly working to understand what happened,” an Instagram spokesperson said.
In a response to ET's queries, Chtrbox said a particular database for limited influencers was inadvertently exposed for approximately 72 hours and that this database did not include any sensitive personal data and only contained information available from the public domain, or self reported by influencers.
"The reports on a leak of private data are inaccurate. We would also like to affirm that no personal data has been sourced through unethical means by Chtrbox. Our database is for internal research use only, we have never sold individual data or our database, and we have never purchased hacked-data resulting from social media platform breaches. Our use of our database is limited to help our team connect with the right influencers to support influencers to monetise their online presence, and help brands create great content," a spokesperson from the company said.
TechCrunch reported that each record contained public data sourced from influencer Instagram accounts, including their bio, profile picture, number of followers and location details by city and country and private contact information such as email address and phone number.
“If private details, besides pictures, have been found online, it does constitute a serious data breach. The other question is if direct messages of users of these accounts have also been accessed as that also falls under private information – that would be a bigger hit,” said Prashant Puri, CEO of AdLift, a digital marketing firm. “We are hearing that influencer numbers have been growing and would be about 40% of the overall users in India."
According to its website, Chtrbox works with over 184,000 influencers across Facebook, Twitter and YouTube in India, besides Instagram, and “is a platform for brands to discover and collaborate with all kinds of talented influencers in India.”
The company claims it can connect influencers with ‘some of the best’ brands, agencies and startups. As per its website, its clients include Flipkart, Godrej, Nokia, OYO, Adidas and HP.
Sumedh Chapekar, CEO of NoFiltr, an influencer incubator platform that manages some of the top Instagram influencers in India, said the company should be able to fix this as soon as possible.
“Over the past 3-4 years, whenever we’ve had problems like hacking, copyright claims and monetisation, Facebook, the parent company, has been quick to take action,” Chapekar said.
Influencer Shereen Sikka Bharwani, who is popular through her account @shereenlovebug on Instagram and has worked with Audi, Jaguar, Dove and Maybelline, said she hasn’t received any notification from Instagram on the matter.
Although Instagram does not break down the number of influencers by category in all markets, Armand Poonawala, founder of influencer marketing firm @ (pronounced At), said the platform is certainly the biggest in terms of influencer marketing spends in India today.
“Even for us, almost all our clients request a unique influencer strategy that can help their brand reach a wider audience on Instagram.” Poonawala said.