In the midst of the storm that blasted Facebook over the past two years, Instagram remained mostly unshaken and a shining beacon in the company’s portfolio. Yes, it had its fair share of lapses, but those seemed to pale in comparison to Facebook’s faults. Now, however, it seems that Instagram’s past may be coming back to haunt it, as a still unresolved mystery may cause its most popular and most profitable users to lose trust in the social network.
To be fair to Instagram, it didn’t get hacked. Or at least, it’s not yet certain that this leak of private information came from a hack. Two years ago, it did report a bug that exposed 6 million users’ data but the connection between these two might be superficial at best.
Security researcher Anurag Sen discovered a database, hosted by Amazon Web Services, that held millions of records associated with the Instagram famous. These included not just public information like bios, and followers and locations but also private and critical information like e-mail address and phone number. To make matters worse, however, is that the database was left exposed and without a password, inviting anyone, including hackers, to simply take a look inside and pilfer the data.
That database was apparently owned by Mumbai-based social media marketing firm Chtrbox. Unfortunately, many of those included in the database reported having had no dealings with the company. Chtrbox has taken down the database but has remained silent on the matter. It’s also unknown who else has seen the records before it was even discovered.
Facebook and Instagram are reportedly already on the case but even they have no idea how Chtrbox was able to scrape even private information. It hints that Instagram hasn’t yet learned its lesson in taking the privacy of its users, especially its money-making influencers, seriously.