Instagram website has been leaking several users’ personal data, including phone numbers and email addresses for at least four months, a researcher has claimed. According to David Stier, a data scientist and business consultant, the source code of some Instagram profiles included the account holder's contact information whenever it loaded in a web browser. According to CNET, the researcher notified Instagram shortly after he discovered the problem earlier this year.
He says that thousands of users, whose data was compromised, included private individuals, minors, along with businesses and brands. Since the contact information was available in the source code, the hackers were able to scrape it and assemble a virtual phone book with the contact details of these Instagram users. The researcher also linked his expose to a report which said that Mumbai-based social marketing media firm, Chtrbox, had obtained contact information for millions of Instagram accounts and stored it on an unsecured database. This helped hackers scrape the data to create a similar database.
Meanwhile, Instagram spokeswoman Stephanie Otway told CNET that the data Stier found in the website's source code was not private. “The contact information discovered in this case is not private contact information, but contact information a member of the Instagram community chose to share when converting their profile to a Business Profile. During the setup process for Business Profiles we display this information, remind people that it will be accessible to others, and allow them to update or remove the information,” Otway was quoted as saying.
Reportedly, Instagram also said the contact information acquired by Chtrbox was not private as well. However, it did say that the social marketing media firm did access some of the contact information in violation of Instagram policies (leading Instagram to revoke Chtrbox's access to its platform.) Chtrbox, however, denied that it sourced the information through unethical means.