Data breach at Instagram; 50 million records exposed online

Web application security testing specialists reported the finding of a massive database exposed online containing contact data of millions of Instagram influencers, celebrities, and business accounts.

Experts mention that the database was hosted on Amazon Web Services (AWS) and was exposed without any authentication measures, so any user could access the leaked information. When detected, the database had almost 50 million records, although experts report that the volume of the file was constantly growing.

After a preliminary review, it was reported that the database contained information about the influencers of this social network, such as:

  • Profile bio
  • Profile photo
  • Account data (verification, number of followers)
  • Email addresses
  • Phone numbers

Web application security testing experts tried to find the owners of the database so that it could be secured. The search led to Chtrbox, a social media marketing company headquartered in Mumbai. The firm calculates the value of an account according to some variables (number of followers, scope, ‘likes’, total interactions, etc.) to determine how much to pay each account for posting sponsored content.

Web application security testing specialists took some random data to contact the affected people; the owners of these Instagram accounts confirmed the veracity of the exposed data, although they denied having any business relationship with Chtrbox.

After the incident was reported, the company took the database offline from AWS, although no member of the company had made a single statement about it. A few days later, through its Twitter account, the marketing firm mentioned that the number of accounts exposed was less than 350k and that the database remained unsecured for only three days; however, the experts were able to confirm that the database had been detected in Shodan since May 14.

Specialists from the International Institute of Cyber Security (IICS) mention that Facebook, Instagram's parent company, will investigate the incident to see if Chtrbox obtained the data directly from the social media platform or if it resorted to other sources.
