Instagram leaked users’ personal data for months, claims researcher

He says that thousands of users, whose data was compromised, included private individuals, minors, along with businesses and brands. Since the contact information was available in the source code, the hackers were able to scrape it and assemble a virtual phone book with the contact details of these Instagram users. The researcher also linked his expose to a report which said that Mumbai-based social marketing media firm, Chtrbox, had obtained contact information for millions of Instagram accounts and stored it on an unsecured database. This helped hackers scrape the data to create a similar database.

Meanwhile, Instagram spokeswoman Stephanie Otway told CNET that the data Stier found in the website's source code was not private. “The contact information discovered in this case is not private contact information, but contact information a member of the Instagram community chose to share when converting their profile to a Business Profile. During the setup process for Business Profiles we display this information, remind people that it will be accessible to others, and allow them to update or remove the information,” Otway was quoted as saying.

Reportedly, Instagram also said the contact information acquired by Chtrbox was not private as well. However, it did say that the social marketing media firm did access some of the contact information in violation of Instagram policies (leading Instagram to revoke Chtrbox's access to its platform.) Chtrbox, however, denied that it sourced the information through unethical means.