Facebook is investigating a report that claims the private contact data for millions of the influencers, brands, and celebrities who use the company’s Instagram subsidiary has been exposed online.
That news comes via TechCrunch, which recounted in a post on Monday that an unprotected database hosted by Amazon Web Services included private emails and phone numbers for millions of high-profile Instagram users. In all, more than 49 million records were reportedly contained in the database.
A Facebook spokesman told TechCrunch it’s looking into the matter and that “Scraping data of any kind is prohibited on Instagram.” According to the publication’s report, a security researcher named Anurag Sen found the database and alerted the news site to its existence. The site, in turn, says it traced the database to the social media marketing firm Chtrbox, based in Mumbai.
That firm apparently pays influencers for sponsored posts — moreover, it seems this database also assigned an estimated worth to each account in the database based on things like its number of followers and overall reach. It’s the kind of information that would be used to determine how much to pay an influencer for one of those sponsored posts.
TechCrunch says it reached out to some of the Instagrammers whose data it came across. The site was able to contact several random people based on private data found in the database, underscoring its legitmacy — though the site reports the database has also since been taken offline.
The Facebook spokesman added that the social network is looking into how this happened and what data was obtained and that the company “will share an update soon.” Of course, this comes some two years after a version of the same thing happened before, when Instagram acknowledged that a security bug let hackers improperly get their hands on private contact data for six million Instagram accounts.