May 24, 2019 - TechCrunch, a publisher, announced the discovery of an exposed database containing the user information of 49 million Instagram users. The database apparently contains pretty much any information that people deemed fit to place in their bios or which they used to register with the service. While there is no confusion on where the information appears to have come from, there seems to be quite a bit of confusion on how the breach actually occurred. It turns out that the database in question didn't reside on one of Instagram's servers and based on a statement from Facebook - owner of Instagram - they don't seem to know how the company responsible for the breach got their hands on the data.
The breach was discovered by a security researcher who brought it to the attention of TechCrunch. Data contained in the file includes biographical information, city and country information, email addresses, phone numbers and profile pictures.
The database containing the information is now offline but it was housed on servers located in India and belonging to a company named ChtrBox. The company is a social media marketing firm.
According to TechCrunch, Facebook responded to an inquiry about the breach by saying, “We’re looking into the issue to understand if the data described – including email and phone numbers – was from Instagram or from other sources. We’re also inquiring with ChtrBox to understand where this data came from and how it became publicly available.” It is unclear at this time if Facebook had a business relationship with ChtrBox, but the statement would appear to indicate that Facebook was surprised by this breach.
Based on the information released so far, it would appear that direct identity theft as a result of this breach is unlikely. But ACCESS is advising consumers who use Instagram to change their password as a precaution, and to carefully screen their email for potential phishing messages.
byJim Malmberg
Note: When posting a comment, please sign-in first if you want a response. If you are not registered, click here. Registration is easy and free.
|