Nearly 50 million Instagram celebrities and influencers had their personal information compromised in a leak of a social media marketing firm's database.
TechCrunch reports it traced the leaked database back to Mumbai-based social media marketing firm Chtrbox, which pays influencers to post sponsored content on their accounts, following a tip off by security researcher Anurag Sen.
The database was hosted on Amazon Web Services without a password and had over 49 million records of celebrities and brand accounts. At time of writing, the number was still growing.
The record contained public data scraped from Instagram accounts like its bio, profile picture, number of followers, if it's verified and location by city and country. It also contained private contact information like the Instagram account owner’s email address and phone number.
The database also had records that estimated the worth of each account, based on the number of followers, engagement, reach, likes and shares it had.
These metrics determined how much the company would pay an Instagram influencer to post an ad.
TechCrunch tested the database by randomly contacting people listed, receiving two replies which confirmed that the personal email address and phone number listed was used to set up their Instagram accounts.
When the tech website contacted Chtrbox, the database was pulled offline, though the company did not respond to requests for a comment.
Instagram's parent company Facebook is investigating the matter too.
“We’re looking into the issue to understand if the data described – including email and phone numbers – was from Instagram or from other sources,” said an updated Facebook statement. “We’re also inquiring with Chtrbox to understand where this data came from and how it became publicly available,” it says.