
Instagram data breach 49M users’ sensitive data exposed online - cisomag
https://www.cisomag.com/instagram-data-breach-49-million-users-sensitive-data-exposed-online/
======
hughstephens
Lengthy conversation about this from the original article when TechCrunch
broke this[0] a couple of days ago.

Suggest reading/commenting there than this clickbaity rewrite

HN thread:
[https://news.ycombinator.com/item?id=19962790](https://news.ycombinator.com/item?id=19962790)

[0] [https://techcrunch.com/2019/05/20/instagram-influencer-
celeb...](https://techcrunch.com/2019/05/20/instagram-influencer-celebrity-
accounts-scraped/)

------
asymptotically2
A TechCrunch article[0] suggests that all of this information was just scraped
from the Instagram site/API, so is it fair to call this "sensitive" data if
it's available to the public anyway?

[0]: [https://techcrunch.com/2019/05/20/instagram-influencer-
celeb...](https://techcrunch.com/2019/05/20/instagram-influencer-celebrity-
accounts-scraped/)

~~~
wiz21c
same article says :

>>> but also contained their private contact information, such as the
Instagram account owner’s email address and phone number.

I doubt this is "scrapable".

~~~
mfatica
It is actually, if you go to instagram's website and view source, there's a
script tag containing a massive JSON payload with the response from their
graphql API which contains allllll the data for the page - this includes some
information that's not displayed on the page, which sometimes includes email
address and phone number. I had to scrape instagram for a school project and
stumbled upon this - I was planning to parse the html but if you just take out
that script tag as a JSON object you have all the page's data in an object for
you already.

------
csunbird
Again, Facebook/Instagram servers are not breached but the people that they
sell data are breached. Once the data the sell leaves original servers, the
data is no longer secure, it can be stolen or misused. Remember Cambridge
Analytics?

Facebook really needs to enforce strict restrictions and security audits on
third party data brokers.

------
Niksko
Misleading title. This appears to be a database of scraped data pertaining to
Instagram influencers, left unsecured in AWS by a social media marketing firm.

------
HNLurker2
Link or just clickbait?

