Instagram Leaked
⚡ 👉🏻👉🏻👉🏻 INFORMATION AVAILABLE CLICK HERE 👈🏻👈🏻👈🏻
News Corp is a network of leading companies in the worlds of diversified media, news, education, and information services.
The leak has reportedly only affected high profile users
INSTAGRAM has accidentally leaked the private information of 49million of its users including major influencers and bloggers.
A huge database containing details about celebrities, influencers and brand accounts was recently discovered online and anyone could access it.
Security researcher Anurag Sen discovered the database and alerted TechCrunch in the hope that some action would be taken to make all this information secure.
It was easily discovered because it was hosted by Amazon Web Services and did not require a password before viewing.
When it was first discovered it contained the information of around 49million Instagram users but that number was growing by the hour.
TechCrunch traced the database back to Mumbai-based social media marketing firm Chtrbox, which has now taken the database offline.
Chtrbox is a company that pays influencers to post sponsored content on their Instagram accounts.
The database appears to have been made my Chtrbox to work out how much it should pay an influencer based on the number of followers, engagement, reach, likes and shares they have.
Because of this it is thought that only people with a substantial amount of followers and those who post sponsored content could have been affected, including prominent food bloggers and celebrities.
The database contained public data taken from influencer Instagram accounts, including their bio, profile picture and their number of followers.
In addition to this, it revealed their location and private contact information including email addresses and phone numbers.
Some of the celebrities in the database confirmed that their information had been leaked despite them never having any contact with Chtrbox.
Facebook, which owns Instagram, released a statement which read: "We’re looking into the issue to understand if the data described – including email and phone numbers – was from Instagram or from other sources.
"We’re also inquiring with Chtrbox to understand where this data came from and how it became publicly available."
A Facebook spokesperson has since told us: "We are investigating whether a third party improperly stored Instagram data, in violation of our policies.
"It's also not clear whether the phone numbers and emails in Chtrbox's database came from Instagram.
"Regardless, the possibility of third parties mishandling user data is something we take seriously, which is why we’re quickly working to understand what happened.”
Martin Jartelius, CSO of cyber assessment company Outpost24 said: “The latest incident affecting Instagram seems to be a supply chain security issue, where one of the social media platform’s suppliers failed to apply security to a database of Instagram accounts.
"However, even though the incident didn’t happen within Instagram’s own network, it doesn’t make the company any less responsible.
"When an organisation needs to outsource or run a partnership with a third-party, it is their responsibility to ensure it does not put their customer data at risk.
"They must understand how the data will be held and ensure the third-party’s security standards are equal to their own.
"In this case, it seems that Instagram failed to do this and, as a result, have put their customers’ data at risk.”
GAME ON
PS5 restock LIVE - John Lewis, Argos, GAME rumoured to drop stock 'NEXT WEEK'
DOWN AND OUT
WhatsApp, Instagram and Facebook down as users say services was of action
THE PRICE IS...WRONG
Someone just bought a VIRTUAL house for $500,000
WAY TO GO!
Stunning photo of the Milky Way took 12 YEARS for photographer to capture
RED DEVIL
Nasa's Perseverance rover captures 'dust devil' on Mars in ultra-rare footage
SPEED BOOST
BT gets go-ahead to give 20MILLION homes super-fast fibre broadband cables
The leak comes alongside a fresh warning by police over Instagram scams see you blackmailed with private photos.
In other news, Instagram may be getting rid of 'likes' in a bid to reduce the stress they cause users.
You'll also soon be able to buy stuff over WhatsApp and Instagram with new online shopping features.
Do you worry about your social media security? Let us know in the comments...
We pay for your stories! Do you have a story for The Sun Online news team? Email us at tips@the-sun.co.uk or call 0207 782 4368 . We pay for videos too. Click here to upload yours.
Comments are subject to our community guidelines, which can be viewed here.
Fears Europe's Covid third wave could spread to UK in weeks after jabs fiasco
Shocking moment off-duty cop grabs mum round the neck - as he's spared jail
TV chef Gary Rhodes left more than £6.4million in his will, records reveal
Woman shares the ‘passive aggressive note’ she received in her takeaway
New rub-on sex gel for male impotence works SIX times faster than Viagra
©News Group Newspapers Limited in England No. 679215 Registered office: 1 London Bridge Street, London, SE1 9GF. "The Sun", "Sun", "Sun Online" are registered trademarks or trade names of News Group Newspapers Limited. This service is provided on News Group Newspapers' Limited's Standard Terms and Conditions in accordance with our Privacy & Cookie Policy. To inquire about a licence to reproduce material, visit our Syndication site. View our online Press Pack. For other inquiries, Contact Us. To see all content on The Sun, please use the Site Map. The Sun website is regulated by the Independent Press Standards Organisation (IPSO)
Our journalists strive for accuracy but on occasion we make mistakes. For further details of our complaints policy and to make a complaint please click this link: thesun.co.uk/editorial-complaints/
© 2021 Forbes Media LLC. All Rights Reserved
This is a BETA experience. You may opt-out by clicking here
EDITORS' PICK|Aug 19, 2020,09:00am EDT|86 126 views
Opinions expressed by Forbes Contributors are their own.
I report and analyse breaking cybersecurity and privacy stories
235 million social media users warned of phishing risk following data exposure
The security research team at Comparitech today disclosed how an unsecured database left almost 235 million Instagram, TikTok and YouTube user profiles exposed online in what can only be described as a massive data leak.
Recently there has been a spate of reports concerning account data appearing on dark web cybercrime forums. From the dark web audit suggesting there are currently 15 billion stolen logins from 100,000 breaches out there, to the hacker giving away 386 million stolen records for free. Not all of this data will have been hacked, at least not in the usual sense of the word: some, as was likely the case in the Utah Gun Exchange incident, will have been exposed by an unsecured database.
Unsecured databases are fast becoming such a huge data protection problem that it's thought a vigilante security researcher is behind the spate of "Meow" attacks that have overwritten the indexes of thousands of such databases. And it was such an unsecured database that the Comparitech researchers, led by Bob Diachenko, discovered on August 1, leaving the personal profile data of nearly 235 million Instagram, TikTok and YouTube users up for grabs.
Wind River BRANDVOICE | Paid Program
UNICEF USA BRANDVOICE | Paid Program
The data was spread across several datasets; the most significant being two coming in at just under 100 million each and containing profile records apparently scraped from Instagram. The third-largest was a dataset of some 42 million TikTok users, followed by just under 4 million YouTube user profiles.
Comparitech says that, based on the samples it collected, one in five records contained either a telephone number or email address. Every record also included at least some, sometimes all, the following information:
Statistics about follower engagement, including:
"The information would probably be most valuable to spammers and cybercriminals running phishing campaigns," Paul Bischoff, Comparitech editor, says. "Even though the data is publicly accessible, the fact that it was leaked in aggregate as a well-structured database makes it much more valuable than each profile would be in isolation," Bischoff adds. Indeed, Bischoff told me that it would be easy for a bot to use the database to post targeted spam comments on any Instagram profile matching criteria such as gender, age or number of followers.
So, where did all this data originate? The researchers suggest that the evidence, including dataset names, pointed to a company called Deep Social. However, Deep Social was banned by both Facebook and Instagram in 2018 after scraping user profile data. The company was wound down sometime after this.
A Facebook company spokesperson told me that "scraping people's information from Instagram is a clear violation of our policies. We revoked Deep Social's access to our platform in June 2018 and sent a legal notice prohibiting any further data collection."
Once the researchers found the database and the clues to its origin, "we sent an alert to Deep Social, assuming the data belonged to them," Bischoff says. The administrators of Deep Social then forwarded the disclosure to a Hong Kong-registered social media influencer data-marketing company called Social Data. "Social Data shut down the database about three hours after our initial email," Bischoff says.
Social Data has denied any connection between itself and Deep Social, according to the Comparitech report. It should also be made clear that the data leaked, social media public profile data is available to anyone who visits the accounts of the users concerned. However, the phishing risk is clearly amplified once such a hoard of profiles is collected together in a well-structured database. It isn't known at this time how long the database was exposed without a password before the August 1 discovery. The Comparitech report points out that: "Our honeypot experiments show that hackers can find and attack unsecured databases within hours of being exposed."
I reached out to Social Data, and a spokesperson provided the following statement:
"We collect data and enrich it with additional useful insights solely on behalf of our reputable customers, who use it strictly for the intended purposes. It is extremely sad that this incident has occurred due to a mixture of unfortunate events. However, as soon as we learned of the incident, we fixed it immediately. We have since been closely working with the information security experts on auditing our security infrastructure and increasing the required levels of information security to avoid similar occurrences in the future."
A TikTok spokesperson told me: "TikTok places the highest priority on user privacy, and we have anti-scraping policies in place. Our Terms of Service prohibit third parties from running automated scripts to collect information from our services, including public profile information. If we identify any such practices, we will take rapid action, including seeking legal redress."
I have also reached out to Google GOOGL +0.3%, who, at the time of publication, was still looking into the matter and unable to provide a statement. I will, of course, update this story if this changes.
Meanwhile, I would advise users of all the services affected, Instagram, TikTok and YouTube, to be especially alert to phishing scams by email or posted as social media comments.
Meanwhile, if your company has any databases "in the cloud" then I would strongly recommend you audit the access permissions and make sure these are not open to anyone who comes looking. Elastic has an excellent guide to securing Elasticsearch deployments.
UPDATED August 20 with a statement from TikTok.
Follow me on Twitter or LinkedIn. Check out my website.
I'm a three-decade veteran technology journalist and have been a contributing editor at PC Pro magazine since the first issue in 1994. A three-time winner of the BT
I'm a three-decade veteran technology journalist and have been a contributing editor at PC Pro magazine since the first issue in 1994. A three-time winner of the BT Security Journalist of the Year award (2006, 2008, 2010) I was also fortunate enough to be named BT Technology Journalist of the Year in 1996 for a forward-looking feature in PC Pro called 'Threats to the Internet.' In 2011 I was honored with the Enigma Award for a lifetime contribution to IT security journalism. Contact me in confidence at davey@happygeek.com if you have a story to reveal or research to share.
Apple Faces U.K. Antitrust Probe Into ‘Unfair’ App Store
Хэштег #leak в Instagram • Фото и видео
Instagram leak reveals 'private details' of 49MILLION users – including...
235 Million Instagram, TikTok And YouTube User Profiles Exposed In...
90K instagram accounts (database leak)
Instagram leaked presentation shows posting advice for influencers
Missttkiss Snapchat
Milfhunter Porn
Rhyanna Lee Porn
Instagram Leaked
