The scandals never stop for Facebook. This time, it is Facebook-owned Instagram with a massive data leak that may have compromised about 49 million Instagram accounts. According to TechCrunch, security researcher Anurag Sen stumbled upon a public AWS database that contained the contact information of millions of Instagram account holders. That data base has now been pulled offline.
Steven Buchko slams Facebook’s lax data security in this post published by the financial news site CCN:
The exposed database includes public information from Instagram accounts such as the number of followers, likes, and shares of a particular user. More concerning, though, is the inclusion of email addresses and phone numbers of numerous account owners – information that Instagram allegedly keeps private.
Chtrbox, a social media marketing firm, owns the database. As part of the data, the company calculated a net worth for each account using public information and presumably reached out with offers through the suspiciously obtained contact information.
This latest Instagram snafu further proves that Facebook either doesn’t care or doesn’t know how to secure user privacy. Just last month, security firm UpGuard revealed that you could find hundreds of millions of private Facebook user records through public third-party databases on Amazon. Sound familiar?
In the past five years, Facebook has leaked the private information of its users on several different occasions. August 2017 saw hackers obtain and sell email addresses and phone numbers of around 6 million Instagram users. In September 2018, Facebook security vulnerabilities enabled malicious parties to gather the personal information of almost 50 million users. And, who could forget the ridiculous Cambridge Analytica debacle?
Throw in Facebook’s risky, plaintext storage of passwords, and you paint a picture that’s drastically different than the company’s new “privacy-focused” brand.
