A few days ago we pointed out that Instagram had suffered a security breach and that personal data of more than 49 million users, including many influencers, had been exposed. In fact, a company that manages relationships with influential users of Instagram, called Chtrbox, had uploaded the database obtained, allegedly illicitly, to an Amazon Web Services server, so it was available to everyone until it was withdrawal during this week.
“Apparently, the leaked data was collected by an influencer agency in India among public information available on Instagram among other sources.”
However, Instagram has carried out an internal investigation to determine the scope of this situation and points out that there has been no vulnerability that would allow a third party application to obtain sensitive information from Instagram users, neither through scrapping techniques nor through no other way.
Company sources have sent to TreceBits an official statement in which Instagram states the following: “We take any accusation of inappropriate use of data in a very serious way. According to an initial investigation regarding the above, we determined that no email or phone number of Instagram users was accessed. The information contained in the Chtrbox database included publicly available information from numerous sources, including Instagram. “
Thus, there would be no filtration and the data included in the database would have been obtained because they are public, not private. There are some more contradictions in the story, since apparently the Chtrbox database could contain (public) records of 350,000 users and not 49 million as was initially considered.
In fact, Chtrbox has confirmed that most of the personal data that was included in the list came from users who used Chtrbox directly in India. In addition, the company has acknowledged that it compiled the phone numbers and email addresses of the users that they had published openly in their Instagram profiles, for example, in the bio. On the other hand, its employees also carried out research techniques on other websites and Internet platforms to obtain the personal information of the most influential users included in the list.
Be that as it may, Instagram has removed Chtrbox access to its platform. The company can no longer use its API or access personal information from users of the app.