It’s a day ending in “y”, which means it’s time for a reminder of how Facebook handles your private data – badly. Today it’s Instagram’s turn, with users’ contact details exposed in web profiles regardless of whether the user chose to make it public or not.
CNET reports that contact information (name, phone number, email address, etc) was visible in the source code for some profile pages on Instagram’s web interface for some four months. The flaw was reported to the company in February, and fixed in March.
Also this week, a contact database sourced from Chtrbox (a marketing firm that works with Instagram influencers) was discovered publicly available for about 3 days.
The database contains 49 million individuals and appears to contain data that may have been scraped from Instagram profiles. The company says nothing in the database wasn’t already public or disclosed to them by clients, though – it may be unrelated to this issue.
Whether or not users’ contact data exposed by Instagram was collected by Chtrbox or by someone else, it’s still poor practice and speaks to a lack of care taken by Instagram developers in dealing with sensitive information.
The future might be private, but the present is a constant personal privacy nightmare.