- Lyft received a whopping 7 sexual assault lawsuits in a day Wednesday 10:00 PM
- High school reopens investigation into Nazi salute video after other racist videos emerge Wednesday 7:14 PM
- Facebook content moderators continue to suffer from brutal working conditions Wednesday 5:58 PM
- #RIPReese: Man bullied for relationship with trans woman dies by suicide Wednesday 4:46 PM
- Redaction error reveals ICE is paying Palantir $49 million Wednesday 4:25 PM
- People are using social media to raise awareness about the Amazon fires Wednesday 4:24 PM
- How to watch ‘Detective Pikachu’ right now Wednesday 3:56 PM
- Walmart is suing Tesla over fires at stores with solar panels Wednesday 3:44 PM
- Jeremy Renner asks nicely for Sony to let Spider-Man back in the MCU Wednesday 2:51 PM
- The best and safest torrenting sites you should be using in 2019 Wednesday 2:47 PM
- ‘Beyoncé’s Assistant for a Day’ creator is releasing more games on storytelling app Yarn Wednesday 1:54 PM
- Why does everyone keep falling for that Instagram and Facebook hoax? Wednesday 1:46 PM
- A bunch of celebrities fell for that viral Instagram hoax Wednesday 1:17 PM
- Former Die Antwoord crew member says video shows ‘homophobic attack’ Wednesday 1:13 PM
- How to stream all the MLS Rivalry Week matches Wednesday 1:13 PM
The private information of millions of prominent Instagram users was left exposed online in an unsecured database, TechCrunch reports.
Discovered by security researcher Anurag Sen, the Amazon-hosted database was not protected by a password and contained more than 49 million records.
Those records, which pertain to Instagram influencers and celebrities, included everything from “their bio, profile picture, the number of followers they have, if they’re verified and their location by city and country” to “the Instagram account owner’s email address and phone number.”
The database reportedly belongs to Chtrbox, a social media marketing firm based in Mumbai, India, that pays certain Instagram users to post sponsored content.
Chtrbox pulled the database offline after being alerted to the issue but did not explain how it came to possess Instagram users’ email addresses and phone numbers.
In a statement to TechCrunch, Facebook, which purchased Instagram in 2012, said it was investigating how the issue unfolded.
“We’re looking into the issue to understand if the data described—including email and phone numbers—was from Instagram or from other sources,” the company said. “We’re also inquiring with Chtrbox to understand where this data came from and how it became publicly available.”
The incident is not the first time that high-profile Instagram users have had their data compromised.
Hackers in 2017 were able to obtain the phone numbers and email addresses of some of Instagram’s biggest users, including President Donald Trump and the rapper Drake, and sold them for bitcoin on the dark web.
The Daily Dot has reached out to Instagram for comment.
Mikael Thalen is a tech and security reporter based in Seattle, covering social media, data breaches, hackers, and more.