Hacker News new | past | comments | ask | show | jobs | submit login
[dupe] Instagram data breach 49M users’ sensitive data exposed online (cisomag.com)
24 points by cisomag 26 days ago | hide | past | web | favorite | 8 comments

Lengthy conversation about this from the original article when TechCrunch broke this[0] a couple of days ago.

Suggest reading/commenting there than this clickbaity rewrite

HN thread: https://news.ycombinator.com/item?id=19962790

[0] https://techcrunch.com/2019/05/20/instagram-influencer-celeb...

A TechCrunch article[0] suggests that all of this information was just scraped from the Instagram site/API, so is it fair to call this "sensitive" data if it's available to the public anyway?

[0]: https://techcrunch.com/2019/05/20/instagram-influencer-celeb...

same article says :

>>> but also contained their private contact information, such as the Instagram account owner’s email address and phone number.

I doubt this is "scrapable".

It is actually, if you go to instagram's website and view source, there's a script tag containing a massive JSON payload with the response from their graphql API which contains allllll the data for the page - this includes some information that's not displayed on the page, which sometimes includes email address and phone number. I had to scrape instagram for a school project and stumbled upon this - I was planning to parse the html but if you just take out that script tag as a JSON object you have all the page's data in an object for you already.

It's hard to say – most Instagram influencers provide a public contact email +/- phone number for "business enquiries".

Could be that the data that is listed was previously on the profile but not currently (or matched from another service) vs acquired directly.

Again, Facebook/Instagram servers are not breached but the people that they sell data are breached. Once the data the sell leaves original servers, the data is no longer secure, it can be stolen or misused. Remember Cambridge Analytics?

Facebook really needs to enforce strict restrictions and security audits on third party data brokers.

Misleading title. This appears to be a database of scraped data pertaining to Instagram influencers, left unsecured in AWS by a social media marketing firm.

Link or just clickbait?

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact