Over 49 Million Records Belonging to Instagram Influencers Exposed Due to Unprotected AWS bucket

• The database contained public data scraped from Instagram accounts including their bio, profile picture and the number of followers.
• The database also leaked private contact information of some Instagram account owners.

An unprotected AWS bucket has exposed over 49 million records of Instagram influencers on the internet. The affected individuals include celebrities, food bloggers and brand accounts.

What’s the matter?

Discovered by a security researcher Anurag Sen, the unprotected database was hosted by Amazon Web Services. The database contained public data scraped from Instagram accounts including their bio, profile picture and the number of followers.

The database also leaked private contact information of some Instagram account owners such as their email addresses, locations, and phone numbers. Each record in the database contained a record that estimated the value of each account based on the various parameters. The parameters are the numbers of followers, engagements, reach, likes and shares of an influencer.

Who is to be blamed?

Upon discovery, Anurag Sen informed TechCrunch in an effort to find the owner of the database. They traced the database back to an India-based social media marketing firm Chtrbox.

What has been done?

TechCrunch contacted Chtrbox to inform them about the incident. Upon learning about the leak, the firm was quick to take remedial steps and secure the database. It is unclear as to how the company obtained the private Instagram account email addresses and phone numbers of celebrities.