Recently, a news related to the database with the personal data of Instagram users containing their bio, profile picture and the number of followers was found lying publicly on the internet. The database had the contact information of some Instagram account owners as well. This leak was first discovered on Shodan and was then brought into light by the cyber security researcher, Anurag Sen.
The database contained public data scraped from Instagram accounts including their bio, profile picture and the number of followers. The database also contains the private information of some Instagram account holders including their locations, phone numbers as well as their locations.
The reason behind this leak is an unprotected database that is hosted by Amazon Web Services bucket that has led to the exposure of over 49 million records of Instagram influencers on the internet. The affected individuals include celebrities, brands as well as food bloggers.
How did this happen?
The leak has been traced back to a social media marketing firm Chtrbox. Once the firm came to know about the unprotected database, Chtrbox immediately secured the database. There is no clear indication on how the firm was able to get its hands on the private information of celebrities. The firm confirms that the database was lying publicly for 72 hours and around 184,000 Instagram influencers were affected instead of 49 million Instagram users. Instagram has also supported the claim and has ensured that no private emails or phone numbers have been accessed.
How can organizations ensure that such attacks do not take place?
The database was left unsecured without any password protection which led to the access of data publicly. It is, therefore, very important to ensure that the database is password protected.
Database server security testing will lead to the detection of vulnerabilities that can be exploited by the attackers.
Enable proper authorization and authentication in order to access the database.