Cell Phone with Instagram Application

What Happened?

On Monday, May 20, 2019, TechCrunch was alerted to a massive exposure of Instagram influencers’ private information through an unsecured online database. At the time of discovery, the database contained 49 million records and was continuing to grow as it “scraped” the Instagram accounts of influencers, celebrities, and bloggers.

Upon further investigation, TechCrunch traced the source of the leak to India-based social media marketing company, Chtrbox — a firm that pays influencers to post sponsored content. The data exposed included users’ bios, profile pictures, number of followers, location, email addresses, and phone numbers. These metrics are used to determine how valuable an Instagram account is to advertisers.

The database has been taken offline, but it’s unknown how long these Instagram influencers’ information sat unprotected on the web. This is the second Facebook-owned application to experience a data privacy issue since a WhatsApp hack was discovered just seven days earlier.

Should I Be Worried?

Even if you don’t consider yourself an Instagram influencer, social media data breaches have already exposed hundreds of millions of users in 2019. And it’s not just social media; major data breaches across all industries and services are reported regularly, and those involved in often never find out their information was compromised until they fall victim to identity fraud.

In the case of a data leak like this one, Personally Identifiable Information (PII) including phone numbers and email addresses can be easily leveraged to commit telephone or phishing scams. Furthermore, these pieces of information can be used to reset login credentials, leading to account takeovers that can damage reputations or put you at risk for synthetic identity theft. Remain vigilant about monitoring your accounts and investigate any alerts that may indicate suspicious activity.

3 Tips to Secure Your Social Accounts

  1. Change your passwords. Immediately change your password on all social media accounts and anywhere else the same credentials are used. Facebook and Instagram are linked apps, so if one is compromised, both are.
  2. Adjust your privacy settings. Consider temporarily making your account private and follow our tips to adjust your Instagram privacy settings.
  3. Be wary of sponsored content offers. If your contact information was exposed, fraudsters could use it to try to dupe you with fake advertising offers or phishing emails. Take caution to ensure the legitimacy of emails before clicking or making a purchase.