A massive database containing the contact information of millions of Instagram influencers, celebrities, and brand accounts has been exposed online. The database, hosted by Amazon Web Services, was left without a password allowing anyone to look inside. It is thought that the database has over 49 million records.
Colin Little, Senior Threat Analyst Centripetal Networks:
“This event confirms just how much like a toothpaste our own data is: once it’s out of the tube, it’s out and is never going back in. Phone numbers, email addresses, and other PII can be legally bought and sold and the only opportunity we have to consent to this act is to read the fine print or abstain from using the service; it can also be illegally acquired by criminals because the database within which they reside is improperly secured. In almost any other venue in the world, when I use the service of a business such as a mechanic, that mechanic is solely responsible for the quality and security of the product. I don’t have to see if VIP has checked a national muffler repair chain’s labor standard, and then find out that the chain contracts labor out to countless third parties. This is the risk of using online services, or even registering for an account: that this PII will be sold to third parties without my knowledge and without truly informed consent.”
To read more, please see the article.