Contact Info Of Millions Of Instagram Influencers Hacked And Uploaded Online

There is a rising concern among Instagram users as a database of millions of Instagram accounts have been hacked and uploaded online.

The password-free list found on Amazon Web Services consists of many popular names including influencers, celebrities, and even brand accounts. It is estimated that at the time of this article there were more than 49 million records left exposed and the number was still increasing as the hour passes.

A quick search on the data showed that each record consisted of public information from each account such as bio, profile picture, verification status, number of followers and location. Additionally, registration data - which is considered private, was also found with a personal email address and phone number of the account owner.

The database was discovered by Anurag Sen - a security specialist who informed TechCrunch in the attempt to track down the owner and secure the list. The data was then discerned back to a digital marketing company in Mumbai called Chtrbox, which partners with influences to publish sponsored content on their channels. We found a metric that evaluates an account’s worth based on the number of followers, engagement analysis on the number of reaches, likes, and shares from the account. The evaluation will then be used to determine how much an Instagram influencer can make to post an ad.

Several high-profile accounts were found on the list, including rising stars, food bloggers, celebrities and other social media names.

TechCrunch decided to randomly test out some people found on the database via their provided phone number. Two of the respondents confirmed their information used to create their Instagram accounts, however, no business with Chtrbox was involved.  No longer after we contacted, Chtrbox took down the list. Pranay Swarup, the founder and CEO of the company did not comment or provide answers in regard to how and why the company had access to Instagram account private email list and registry phone numbers.

The incident happened two years after Instagram announced and acknowledged a security bug found in its developer API allowing hackers to easily access emails and phone numbers details of over six million accounts on its platform. The hackers then traded the database for bitcoin. Months after, Instagram choked its API to cut down on the requests that developers and apps can inquire on the platform to protect its over a billion users now. Facebook, Instagram’s parent company commented that the matter was taken into consideration.