Millions of Instagram Influencers' data compromised by Mumbai-based company, probe on

Mumbai-based social media influencer marketing agency Chtrbox failed to secure private data of nearly 5 crores Instagram users, according to TechCrunch. In its statement, Chtrbox says that database for a limited number of influencers was inadvertently exposed. However, Chtrbox has denied allegations of leaking sensitive personal data.

"This database did not include any sensitive personal data and only contained information available from the public domain, or self reported by influencers," Chtrbox said.

"Our database is for internal research use only, we have never sold individual data or our database, and we have never purchased hacked-data resulting from social media platform breaches. Our use of our database is limited to help our team connect with the right influencers to support influencers to monetize their online presence, and help brands create great content," it added. 

Earlier, Instagram said it is investigating whether Chtrbox improperly stored its user data in violation of its policies amid reports of information of millions of users being available online allegedly in an unsecured database. 

"We are investigating whether a third party improperly stored Instagram data, in violation of our policies. It's also not clear whether the phone numbers and emails in Chtrbox's database came from Instagram," Instagram spokesperson said.

READ | Instagram security blunder: Millions of passwords were stored in plain text on servers

Security researcher Anurag Sen discovered the database hosted on Amazon Web Services online consisting of data of nearly 5 crores Instagram influencers, celebrities and brand accounts. The database was allegedly traced back to Chtrbox.

Apart from public data such as bio, profile picture and number of followers, the database reportedly contained users' private contact information like email address and phone number.

However, Chtxbox termed the reports of private data being leaked as "inaccurate" and acknowledged that "a particular database for limited influencers was inadvertently exposed for approximately 72 hours".

If Chtrbox indeed had (or has) access to private contact information of millions of Instagram users mainly Influencers, celebrities and Brand accounts, the question is simple: How did Chtrbox get access to private contact information of millions of Instagram users?

Chelsea Hassler, Vice President & Editorial Director at Zeno Group, had this to say:

"I've had a running theory that chtrbox was a giant scam for a while, but i'm super curious if they had backdoor API access they used to scrape through a brand partner."

(With agency inputs)