Following a data breach exposing personal data of numerous high-profile influencers, Facebook's data and privacy troubles seem to have spilled over to Instagram. Seen as a beacon of hope for the social media giant in the midst of its data controversy and dwindling numbers, recently Instagram found itself in hot water after India-based influencer company Chtrbox left its online database unprotected.
Since then, it has revoked Chtrbox's access to the platform due to data misuse. In a statement to Marketing, Facebook said the data leak from third-party company Chtrbox has affected 350,000 individuals, contrary to the 49 million previously reported by media outlets. According to investigations, one of the ways Chtrbox acquired influencers’ phone numbers and email addresses was through information shared publicly on Instagram profiles.
However, Facebook said that the database was not specific to Instagram and included information from other sources. It also found "no evidence of a vulnerability that would have allowed private contact information to be obtained, scraped or otherwise from Instagram".
How much blame should be put on Instagram?
Director of KRDS Preetham Venkky said that as users share personal data beyond social media, with more channels such as publishers, tools, and brands, they should be mindful to distinguish and hold the appropriate companies responsible for such serious lapses.
"Facebook’s image and reputation seems have become collateral damage. But anyone who gets into the details of the issue will quickly realise that their personal IG data is safe, unless they’ve shared with other third parties like Chtrbox," said Venkky. He added that the new reality is that data breaches are inevitable and to enforce security amongst the platform's ecosystem of partners and developers can be complicated, as the data owner or agent has to be responsible as well.
"Against such a backdrop, Facebook and Google have fared comparatively better to most companies in data protection," he said.
Ambient Digital Group CEO Andrew Stephens also agreed that data breaches by tech companies, including Facebook and its subsidiaries, are “sadly becoming regular occurrences” and will not be stopping anytime soon. He added, “As much as I think people find it frustrating, my sense is that most people have become numb to it. I doubt whether it will have any real impact on these businesses long term.” While Stephens says that it is in all likelihood that Facebook has taken the matter seriously, and has invested enough to combat data breaches. Nonetheless, the issue will remain an ongoing one.
Meanwhile, head of digital at LOKi Suzen Chai said the general public's perception on Instagram may not be as significant as Facebook's range of private information is more far reaching than that of Instagram. However, the drop will affect Facebook's effort to be more transparent and secure with its information.
"We believe that individual accounts may take more caution in sharing their private details online, and as for business accounts, a majority of them utilises social media platform as the first point of contact for customer relationship management, and will continue to do so," said Chai.
To regain trust, she suggested that Facebook and Instagram reinforce security and privacy measures in their next update to show accountability and address the short term and long term steps in combating future breaches.
Despite the drop in public perception, CEO of Goodstuph Pat Law said that users may not have much alternatives, and will continue using the platform.
"Looking back, the #DeleteFacebook movement post Cambridge Analytica saga was all talk wasn’t it? The same folks talking about deleting Facebook was talking about it… on Facebook. I think, the moment there are true consequences to a person’s data being violated, for example, all the acts of infidelity in private messages on Facebook and Instagram being published online in Wikileaks fashion," she said.
I honestly don’t think users are going to stop using Facebook or Instagram. What’s their alternative?
Meanwhile, Chtrbox has claimed that the recent reports about millions of Instagram users affected in a data leak are "downright impossible and false". In the statement on its website, the company also said the data are already available from the public domain and does not contain any sensitive personal data or information.
Chtrbox, which has operated for over three years, said that it has never had data of over 350,000 influencers, making it impossible for the company to leak millions of records. However, it admitted that its database was left unsecured for approximately 72 hours.
As soon as we discovered the database vulnerability, we took immediate corrective action to secure the limited exposure.
According to Chtrbox, the database includes number of followers and engagement metrics that help the company to select relevant influencers for brand collaborations, and does not include passwords, bank details, and home addresses. A nominal amount of the data available from the public domain was reported by influencers themselves.
Additionally, Chtrbox affirmed that that no personal data has been sourced through unethical means. "Our database is for internal research use only, we have never sold individual data or our database, and we have never purchased hacked-data resulting from social media platform breaches. Our use of this database is only to help our internal team help brands create great content by pairing with the best influencers," it said.