iscover
Share this article on:
Powered by
MOMENTUM
MEDIA
About 540 million records containing Instagram user data from all over the world have been listed for sale online.
On a popular dark web forum, threat actor “YoursData” claimed to have scraped 489 million lines of Instagram data from the last three months.
“Scrape through Instagram API Both Public & Hidden Details included,” the threat actor said.
The threat actor soon provided updates saying the number of lines of data was increasing, with the latest update saying that there are 540 million lines for sale.
YoursData said the scraped data includes usernames, full names, “scrape_target_username”, follower and following counts, account creation dates, biographies, external URLs, account category, location, “id”, and “scrape id”.
The threat actor also posted “100+” record samples. Based on Cyber Daily’s observations, each record contains multiple types of data for the same individual, which could mean that 540 million users are at risk, over a quarter of Instagram’s 2 billion monthly active users.
Additionally, tech and security publication CyberNews analysed the sample and concluded that the sample not only determined that the listed number of records was for that many users but also that the data appeared authentic.
However, the publication’s researchers also noted that some user email addresses in the sample were not in previous breaches, suggesting the scrape could be fake.
While initially hesitant to list a price for the scraped data, YoursData has set the price for the entire dataset at $5,000, while prices for specific countries have not been disclosed.
Cyber Daily has reached out to Instagram’s parent company, Meta, for comment on the incident.
Meta itself has been under fire by Australian authorities for scraping the data of Australian Facebook, Instagram, Messenger and WhatsApp users to train its MetaAI.
The company scrapes the data of EU users as well but provides them with an “opt-out” option, one which was not granted to Australian users.
Meta’s global privacy director, Melinda Claybaugh, initially rejected the claim that it scrapes Australian data to build its AI following questions by Labor Senator Tony Sheldon.
However, after further questioning by Greens Senator David Shoebridge, Claybaugh confirmed that data from public accounts was being scraped.
“The truth of the matter is that unless you have consciously set those posts to private since 2007, Meta has just decided that you will scrape all of the photos and all of the texts from every public post on Instagram or Facebook since 2007, unless there was a conscious decision to set them on private. That’s the reality, isn’t it?” asked Senator Shoebridge, to which Claybaugh responded “correct”.
While Claybaugh did then confirm that accounts of under 18-year-olds would not be scraped, following questioning by Senator Sheldon asking if public photos of his children on his account would be scraped, Claybaugh said yes.
Ironically, Meta said that scraping its data or using automated processes to collect data from its platforms without its permission is a violation of its terms and conditions, and it has a dedicated External Data Misuse (EDM) team that detects and mitigates data scraping.
Be the first to hear the latest developments in the cyber industry.
