It’s nothing unusual that big social networks’ websites are regularly under attacks. Many users give to social networks many personal data like real name, e-mail addresses, phone numbers or even home address. Also on social networks are shared many personal data like personal photos and videos and people also communicate via social networks – like Facebook’s Messenger. Instagram, a photo-first social network owned by Facebook, got again security issue – some users’ e-mail addresses and phone numbers got exposed.
It was revealed on Thursday. A security researcher David Stier found a flaw, that exposed thousands of users’ email addresses and phone numbers, reported server MacRumors. These data were stored in source code of loaded Instagram profile. Hackers could scrape the data from website relatively easily and then to compile big database to sell. In mobile Instagram app, you can choose to hide your contact info, but these infos were not shown on desktop website regardless of your mobile app settings. It’s not clear why these data were exposed. These private data were reportedly exposed for several weeks.
The leaked contacts are said to have come from thousands of accounts belonging to private individuals, including minors, as well businesses and brands. David Stier alerted Instagram about this dangerous privacy issue in February and Instagram released a patch in March. It’s not clear why it took so much time.
Similar issue is from Monday. Server TechCrunch reported that a massive database that contained contact information for millions of Instagram influencers, celebrities and brand accounts was recently leaked online. This leaked database not only included public data pulled from Instagram, but also personal data like e-mail addresses and phone numbers. The database with more than 49 million records hosted by Amazon Web Services, was left exposed and without a password allowing anyone to look inside. The database was traced back to Mumbai-based social media marketing firm Chtrbox, which pays influencers to post sponsored content on their accounts. Though uploaded by Chtrbox, the database includes info from influencers who have never worked with the company. Also, the records contained data that calculated the worth of each account, based off the number of followers, engagement, reach, likes and shares they had.
After hearing from TechCrunch, Chtrbox took the database offline. Chtrbox’s CEO did not respond to a request for comment on how the data was obtained. Later, Chtrbox disputed the number of people affected and claimed no more than 350,000 influencers were affected. Chtrbox also said database was only open for 72 hours, but researcher Anurag Sen, who alerted TechCrunch in an effort to find the owner, confirmed the database was first detected on Shodan, a search engine for exposed databases and devices, on May 14.
Facebook, a parent company of Instagram, is investigating this cause. It’s also unclear if leaked data were directly from Instagram or other sources. Or both.
Social network Facebook, photo-first social network Instagram and also chat service WhatsApp are under the same company. There are too many data leaks and privacy issues. It’s shame that such big company can’t secure its services.