Cybersecurity researcher Anurag Sen discovered an open access server on Amazon cloud service, which contained more than 49 million data records of Instagram users.
Actually, that was an online database, which had a real-time growth of the audience and kept public information about the accounts of popular users. All data belongs to the Facebook service, including accounts descriptions, avatars, the number of subscribers, information about user's official verification and location. However, this database also comprised private data: telephone numbers and email addresses. Journalists appealed to several users from the base, and two people confirmed the correctness of their phones and addresses.
As it turned out later, the base was gathered by the Indian company Chtrbox, which deals with the placement of advertising in social networks. Thus, the records from the database contained estimates of the account's popularity, relying on it Chtrbox calculated the fee for ads posts placement for particular Instagram users.
Shortly after the journalists appealed to Chtrbox, the access to the database was closed, but it was still unclear how the company collected Instagram subscribers information and what channels they used.
Facebook reported that their experts are delving into the circumstances of the incident. They are investigating the issue to determine whether the data, including email addresses and numbers, have been received from Instagram or other sources. They are also trying to find out from Chtrbox, where this data came from and how it became public.
Let’s take into account that cybersecurity experts from UpGuard have recently discovered FB users personal data on Amazon's cloud servers which became publicly available and are deemed to be the haul of third-party app developers for social networking. In total, over 540 million records were placed in those archives.