49 Million Instagram Users’ Private Data Leaked via AWS

Another day, another unsecured AWS instance: This time, it’s the sensitive data of almost 50 million Instagram “influencers” leaked and at risk.

The data leak’s thanks to Indian socmed mavens Chtrbox, it seems. But the company’s keeping schtum, so you’ll just have to draw your own conclusions.

Here we go again. In today’s SB Blogwatch, we reuse, recycle and relearn the lessons of the past.

Your humble blogwatcher curated these bloggy bits for your entertainment. Not to mention: GoT vs. V.Ice.


AWS Instaleak

What’s the craic, Zack? Mister Whittaker claims a breathless exclusive—“Millions of Instagram influencers had their private contact data … exposed”:

 A massive database containing contact information of millions of Instagram influencers, celebrities and brand accounts has been found … exposed and without a password. [It] contained public data scraped from influencer Instagram accounts … but also contained their private contact information, such as … email address and phone number.

[I] traced the database back to Mumbai-based social media marketing firm Chtrbox, which pays influencers to post sponsored content. [I] found several high-profile influencers in the exposed database, including prominent food bloggers [and] celebrities.

Shortly after we reached out, Chtrbox pulled the database offline. Pranay Swarup, the company’s founder and chief executive, did not respond to a request for comment. … Facebook, which owns Instagram, said … “We’re looking into the issue to understand if the data described – including email and phone numbers – was from Instagram or from other sources. We’re also inquiring with Chtrbox to understand where this data came from and how it became publicly available.”

And then what? Will there be sanctions? Paige Leskin extracts an additional PR drawer tidbit:

 An Instagram spokesperson [said] “Scraping of all kind is against our Terms of Use and we will take action on sites we find in violation of our terms.”

O RLY? As Laura Hautala says, it’s just “the latest sensitive database left open on the internet”:

 Chtrbox … says it has more than 184,000 Instagram influencers as clients, which is far fewer than the [49 million] records reportedly found on the database.

It’s not the first time Instagram accounts have leaked information on high-profile users. In 2017, hackers took advantage of a software bug in the photo sharing app to find phone numbers and contact information for celebrity users.

[This is] one more exposure of an inadequately secured cloud database — a problem that’s grown bigger as more and more companies put sensitive data on cloud servers without the expertise needed to lock the data down. Researchers around the world search for exposed databases and try to get companies to secure them, like a cache of demographic information on 80 million US households removed in April.

Feeling a touch of déjà vu? Appurushido does:

 It’s going to come to a point where everyone will become desensitized to all of this info leaking and it will keep happening.

Look at Target, Walmart and other big chain retailers. Nothing happened.

Look at what happened with Facebook, nothing. With all the other companies that had info leaked and didn’t notify their customers for months or even years.

Wait. Pause. Who are these “influencers,” anyway? lunarworks waxes reductive:

 [They are] people who have gained a large following on Instagram for being attractive and fashionable, and [who] leverage that following into a career of being sponsored by brands to push those brands onto their followers.

And Depicus adds their experience:

 My dogs have about 200 followers (although I’m sure 197 of them are my mum creating new accounts when she forgets her password) and they often get requests to promote dog collars, food, leads, etc.

I know it’s not worth it but can see how others are seduced and pass their details to marketing companies.

But there are 49 million “influencers” on just one platform? astrea asks:

 How many Instagram influencers are there in total?
What is the percentage of influencers in the entire population of (active) users?
At some point it’s just influencers influencing each other, right?

However, This Anonymous Coward sounds extraordinarily frustrated:

 “Influencers” is not a thing, and never will be. All it is, is an imaginary self-induced self-fulfilling prophecy of your little … world that nobody cares about.

And no matter how desperately you want [it to be] a thing … it will never be, as none of your “influencers” is ever more than a blip of fame, followed by a blop of fall. And a blatantly obvious hyped marketing outlet puppet.

So where’s the GDPR angle? kot-behemoth kindly obliges us:

 This looks like the perfect time for some of the EU-based influencers to raise a GDPR infringement request against Chtrbox. They collected the geo-location of the people, so the company should’ve known they would be liable.

YAUAI: yet another unsecured AWS instance. slack_justyb explains why this keeps happening:

 Considering how some deploy to AWS, if it’s not there in the Stack Overflow post they’re copying, then nope.

Meanwhile, Miskkie hopes some good could come of this:

 Hopefully some tax entity goes and checks if those people have reported whatever income they made from the paid ads.

And Finally:

Swedemason’s Song of Vanilla Ice and Fire


You have been reading SB Blogwatch by Richi Jennings. Richi curates the best bloggy bits, finest forums, and weirdest websites… so you don’t have to. Hatemail may be directed to @RiCHi or sbbw@richi.uk. Ask your doctor before reading. Your mileage may vary. E&OE.

Image source: Pete Linforth (Pixabay)

Featured eBook
Doing Identity Access Right

Doing Identity Access Right

Caring for your company data as one of your most valuable assets can seem like a constant balancing act. In a world of corporate hacks and ransomware, keeping your data under digital lock and key is absolutely essential. But so is allowing your employees to use it to do their best work. Managing who has … Read More