Bad News for Instagram Influencers: 49 Million Records Leaked
This week, a critical database containing the contact details of 49 million of Instagram’s high-profile users and brand accounts was found online. The database was hosted on an Amazon Web Services server and was publicly accessible.
The leaked records included public data from certain Instagram accounts, including user bios, profile pictures, the counts of follower bases, verification status as well as physical location. Catastrophically, the database also contained highly private contact details such as email addresses and phone numbers. Additionally, the database contained estimates of the worth of each account calculated by the number of its followers, reach, engagement, and so on.
The database was uncovered by security researcher Anurag Sen, who reported it to TechCrunch. The media outlet then traced the database back to an Indian social media marketing firm Chtrbox that pays influencers to post sponsored content.
Chtrbox quickly removed the database from public access but has inexcusably not issued a public statement since the incident.
MacKeeper Anti-Malware Lab experts are investigating the case to find out whether the database has been intercepted and put up for sale as is common in such cases. However, at time of writing, no evidence of such incidents have been found.
“Security researchers and malicious actors alike scour the internet for exposed databases,” Oleh Shpyrna, Security Researcher at the Lab, explains. “Researchers intend to inform database owners of vulnerabilities while others seek to profit from them. There are many offers to buy and sell leaked personal information on the deep web. Pricing depends on the person that the data refers to and what kind of data it is. Unsorted data is sold for about $5-8 per 1,000 records. By contrast, information about celebrities can cost considerably more and be sold only in narrow circles.”
Despite not being the responsibility of the platform itself, the Instagram influencers data leak is just the most recent scandal in a long line of privacy mishaps involving Facebook and the companies it owns.
“These days, data breaches and leaks happen weekly. Nobody can guarantee 100% data security but there multiple tools and behaviors that would significantly mitigate against such risks,” says Alun Baker, CEO at MacKeeper, creators of MacKeeper. “Unfortunately, corporations that experience such problems think first of their reputational risk and not the reputational risk of the individuals affected. Often companies are not aware of the breach, but—once discovered —the default position is to not communicate the problem until they have researched or closed the breach or a third party exposes the situation. In that critical early period, a lot of the damage to consumers around privacy and personal data can be avoided, but isn’t.”
For every affected person, it is crucial to learn about the incident immediately and to understand what to do about their compromised account and other online assets. Consumers need a step-by-step set of instructions to follow that minimizes their exposure in such high-risk situations. Unfortunately, the companies affected by a data leak rarely provide such information in a timely or efficient way.
As a global leader in personal online protection and privacy, we at MacKeeper do our best to protect your most valuable asset in today’s digitally dependent world—your personal data and your privacy. MacKeeper offers several tools to help make you and your families online experience safer. By combining security, privacy, and anti-fraud technologies and services, we help protect you across multiple devices in and outside your home. We strive to help people easily solve the problems and complexities of digital privacy and protection through our tools and advanced personal tech assistance—24/7.
Moreover, we strive to help you even in those situations where data loss cannot be prevented. MacKeeper has launched ID Theft Guard, a new service that helps you locate any personal, leaked web account details. Every user can set up early alerts about new leaks of their personal data into the deep and dark web. Upon doing it, they will receive information about these incidents and recommendations on what steps to take. A quick reaction is crucial for preventing identity theft.