As Facebook continues to dominate the news with continued reports of privacy violations and misuse of personal information, their subsidiary, Instagram, also experienced a major breach this week when it was discovered that millions of users’ personal information, including celebrity accounts, may have been compromised.

The database, which was hosted on Amazon Web Services, contained information such as phone numbers, emails, and location information for approximately 49 million accounts- both individual Instagram users as well as brands who had an Instagram business presence.

The breach, which was discovered by security researcher Anurag Sen, was allegedly traced to Chtrbox, a Mumbai-based social media marketing firm, which pays celebrities and other social media “influencers” to post sponsored content to their Instagram accounts.


This latest breach comes two years after hackers exploited an Instagram security hole that led to the compromise of personal information of approximately 6,000 accounts before it was discovered and repaired. However, hackers who had claimed responsibility (and subsequently sold the information to an untold number of parties) stated that they had developed an automated process that could steal info from up to one million accounts per hour. Instagram quickly repaired the issue and tightened up their API in the months following the issue.

While neither Instagram nor Facebook (which owns Instagram) has yet to issue a public statement as of press time, an anonymous spokesperson did make the following statement to Engadget: “We’re looking into the issue to understand if the data described — including email and phone numbers — was from Instagram or from other sources. We’re also inquiring with Chtrbox to understand where this data came from and how it became publicly available.”

For now, Chtrbox appears to remain functional, encouraging users to sign up and easily “monetize your passion.”

Yet as is often the case with easy money, monetization often comes with a hefty price.

In this case, the price may be privacy and peace of mind.