This contains public information (including user bio, profile picture, location, number of followers) as well as private data (mobile numbers, email ids, amounts transacted) of users, who are clients of Mumbai-based influencer marketing agency Chtrbox.
The leak was first shared with TechCrunch by a cybersecurity researcher.
Chtrbox, which connects influencers with brands and pays them to post sponsored content, claims on its website that it has a clientele of more than 180,000. However, the compromised database is significantly larger and is said to be "growing by the hour". It includes the information of high-profile accounts of popular Indian celebs and bloggers. Since the leak, the agency has pulled down the database.An Instagram spokesperson stated that Facebook (which owns the photo-sharing platform) is investigating the matter. She said,
“We’re looking into the issue to understand if the data described – including email and phone numbers – was from Instagram or from other sources. We’re also inquiring with Chtrbox to understand where this data came from and how it became publicly available."Incidentally, Chtrbox works with influencers from other social media platforms like TikTok as well. It claims that it helps "influencers earn campaigns and sponsorships from the best of brands and agencies".
The agency is yet to release a statement on the data breach.This, however, is not the first instance that Instagram user data has been exposed. In 2017, a software bug allowed hackers to gain access to private data of celebrity users. Instagram later updated its terms of use, making "crawling" or "scraping" of data illegal.