A massive database of millions of Instagram influencers and its most valuable users containing contact information has been found online. The database was left exposed and without a password allowing anyone to look inside, hosted by Amazon Web Services. The database had over 49 million records at the time of writing, but it was growing by the hour.


Each record contained public data scraped from influencer Instagram accounts, got to know from a brief review of the data. It includes their bio, profile picture, the number of followers they have, if they’re verified, and their location by city and country. Their private contact information, such as the Instagram account owner’s email address and phone number, is also their.

The database was discovered by Security researcher Anurag Sen, in an effort to find the owner and get the database secured, alerted TechCrunch. The database back to Mumbai-based social media marketing firm Chtrbox was traced by them, which pays influencers to post sponsored content on their accounts. A record that calculated the worth of each account is present in each record in the database, based off the number of followers, engagement, reach, likes and shares they had. This was used as a metric to determine how much the company could pay an Instagram celebrity or influencer to post an ad.

Several high-profile influencers in the exposed database, including prominent food bloggers, celebrities and other social media influencers were found in this. Randomly people were get in touched by techcrunch, whose information was found in the database and provided them their phone numbers. Two of the people responded and confirmed their email address and phone number found in the database was used to set up their Instagram accounts. They said Neither had any involvement with Chtrbox.

Chtrbox pulled the database offline, shortly after techcrunch reached out. The company’s founder and chief executive,Pranay Swarup, did not respond to a request for comment and several questions. Including all the questions that how the company obtained private Instagram account email addresses and phone numbers.

read also: Instagram is shutting down its standalone Direct app in coming weeks

After two year of Instagram admitted a security bug in its developer API allowed hackers to scrape the email addresses and phone numbers of six million Instagram accounts, this scraping effort comes. Later, the hackers sold the data for bitcoin. It was looking into the matter said Facebook, which owns Instagram.

Scraping data of any kind is prohibited on Instagram,” said a spokesperson. “We’re investigating how and what data was obtained and will share an update soon.”

Instagram, now months later,  with more than a billion users, choked its API to limit the number of requests apps and developers can make on the platform.