After discovering the database, the security researcher reached out to TechCrunch for help in order to track down the owner of the database and get it secured. The publication traced the database to a social media marketing company named Chtrbox based in Mumbai, India, which pays influencers to post their clients’ sponsored content onto their pages. Besides containing publicly available information found on Instagram, such as names, pictures, and the number of followers, it also contained an estimated “worth” of each person listed in the database based on routine metrics like the number of followers, likes, shares, reach and other info. The database was pulled offline shortly after Chtrbox was contacted by TechCrunch. Also, affected Instagram account were contacted and informed about the breach. Facebook, which owns Instagram, told TechCrunch that “We’re looking into the issue to understand if the data described – including email and phone numbers – was from Instagram or from other sources. We’re also inquiring with Chtrbox to understand where this data came from and how it became publicly available.”
