The photo-sharing platform is questioning how the contact details of nearly 50 million of its users came to be stored on an unprotected web database.

According to TechCrunch, which ran the story first, the personal and private data of high profile social media “influencers” were among the information compromised. The data included records such as names, email addresses and phone numbers.

Speaking to the BBC, Facebook-owned Instagram said it is now looking into the matter and trying to discover where the data came from. The database itself has been tracked back to a company named Chtrbox which is headquartered in Mumbai.

The database was held on an Amazon server which had no password protection, leaving it unguarded. The situation was passed on to TechCrunch by a researcher working at the facility.

In a statement, Instagram said:

“We’re looking into the issue to understand if the data described – including email and phone numbers – was from Instagram or from other sources.

“We’re also inquiring with Chtrbox to understand where this data came from and how it became publicly available.”

In the initial TechCrunch report, it was revealed that the information put at risk also included of many account holders.

The database has now been taken offline. Chtrbox are yet to make an official response to the situation.

PrivSec Conferences will bring together leading speakers and experts from privacy and security to deliver compelling content via solo presentations, panel discussions, debates, roundtables and workshops.

For more information on upcoming events, visit the website.


GDPR Summit Series is a global series of GDPR events which will help marketers to prepare to meet the requirements of the GDPR ahead of May 2018 and beyond. Further information and conference details are available at

comments powered by Disqus