Another data leak in Facebook’s timeline. This time it’s the Facebook-owned photo-sharing application Instagram. An unprotected AWS (Amazon Web Services) server containing personal information of millions of Instagram influencers, celebrities, and brand accounts have been found online, the TechCrunch reported.
According to the security researcher Anurag Sen, who discovered the leak and notified TechCrunch, the database had over 49 million records exposed online, allowing anyone to access. The exposed data included users’ biodata, profile picture, the number of followers they have, their location by city and country, and contact information like the Instagram account owner’s email address and phone number.
Anurag stated the leaky database belongs to a social media marketing firm Chtrbox, which is based in Indian state Mumbai. The database was taken offline and called for an investigation on the incident, Chtrbox stated.
Commenting on the security breach Facebook said, “We’re looking into the issue to understand if the data described – including email and phone numbers – was from Instagram or from other sources. We’re also inquiring with Chtrbox to understand where this data came from and how it became publicly available.”
A week ago, Facebook-owned messaging application WhatsApp revealed that it discovered a vulnerability in its network system that allowed hackers to install spyware via an infected WhatsApp voice call. The social messenger stated the spyware can exploit the mobile device, its calls, texts, and other data. It can also activate the phone’s camera, microphone, and able to perform other malicious activities. According to Facebook, the malicious spyware was developed by Israel-based cyber intelligence company NSO Group.
According to Facebook, the mobile devices with WhatsApp or WhatsApp Business installed in them are affected, including Apple’s iPhone (iOS), Android phones, Windows Phones, and Tizen devices. However, the company clarified that it’s unclear on the number of people spied on by hackers. Facebook has advised its users to update their WhatsApp applications for further protection. The company said it has implemented a server-side change to protect users and pushed out updates for the various smartphone WhatsApp versions.
“A buffer overflow vulnerability in WhatsApp VOIP stack allowed remote code execution via specially crafted series of SRTCP packets sent to a target phone number. The issue affects WhatsApp for Android prior to v2.19.134, WhatsApp Business for Android prior to v2.19.44, WhatsApp for iOS prior to v2.19.51, WhatsApp Business for iOS prior to v2.19.51, WhatsApp for Windows Phone prior to v2.18.348, and WhatsApp for Tizen prior to v2.18.15,” Facebook said in a statement.