Data breaches have become a household name for digital companies. With so many companies globally caught up in the controversial data breach stories, here comes another data breach story and this one hits close to home.
Chtrbox, which has more than 100,000 clients, deals with connecting social media influencers to popular brands and pays the influencers for posting sponsored content. Soon after the leak was spotted, security researcher Anurag Sen got in touch with TechCrunch to get the database secured after which Chtrbox pulled its database offline.
Apparently, as per the report, Chtrbox used a database hosted by AWS which was left exposed without any password on it, leaving a lot of room open for hackers to exploit it. This database contained public and private data of the popular influencer clients of the Chtrbox. Public data leaked included user bio, display picture, location, and number of followers while private data contained information on owner’s email address, personal mobile number, and amount transacted).
However, Chtrbox called the details of the data breach report as “inaccurate” saying that data of only a limited number of influencers was leaked, and of the data that got leaked, it contained mostly public data that the influencers share with the audience on a daily basis, reported the Economic Times.
This is not the first time when Instagram has been hit by a massive data breach like this and it was just last month when Facebook revealed that it exposed about millions of Instagram passwords in a data security breach where it had stored all the user passwords in plain text on its internal servers. Facebook, owner of Instagram, and a victim of multiple data breaches itself, said it’s currently working on the issue and is looking into whether a third party is to be blamed for mishandling Instagram data.
Pranay Swarup, CEO, Chtrbox, hasn’t commented on the data breach yet. However, a spokesperson from Chtrbox told the Economic Times, “we would also like to affirm that no personal data has been sourced through unethical means by Chtrbox. Our database is for internal research use only, we have never sold individual data or our database, and we have never purchased hacked-data resulting from social media platform breaches”.