Yellow Pages Directory Inc

Tag: Data Breach

Instagram Allegedly Leaking Private Phone Numbers, Email Addresses of Members for Months

NEW YORK - Instagram, a photo and video sharing social networking service owned by Facebook, has come under fire recently as reports indicated that the social site had leaked the contact information of many of its users – including names, email addresses, and phone numbers – over a period of time that lasted at least four months.

Apparently the contact information for many Instagram users had been compromised hackers who had the ability to acquire information from any affected Instagram page. File photo: Pixabay.

According to data scientists, the contact information of some Instagram users was actually contained in the source code of their user profiles whenever loaded in an Internet browser, making it easy for unscrupulous individuals to access and gather it for a variety of purposes. Why such sensitive information was included in the source code for the website is anyone's guess, but it’s not considered a secure practice by any means.

Apparently the contact information for many Instagram users – but not the entirety of them – had been compromised by this issue, some of whom were minors, businesses, and known marketing brands. Hackers and scam artists would have the ability to acquire this information from any affected Instagram page, and in turn construct a database comprised of the contact details of a great number of Instagram members

Instagram released a statement regarding the issue, noting that the information that had been leaked was not considered private; it could be argued that the users who were compromised would not agree with this assessment of the situation, however, nor does the statement address why the contact information was actually contained in the source code.

"The contact information discovered in this case is not private contact information, but contact information a member of the Instagram community chose to share when converting their profile to a Business Profile," they said. "During the setup process for Business Profiles we display this information, remind people that it will be accessible to others, and allow them to update or remove the information."

According to reports, this sensitive data has already spread to various marketing companies, including one located in India that had allegedly acquired contact information of millions of Instagram users. Such use of their member’s information is against Instagram's terms of use, but it's readily apparent that any unscrupulous marketing company that is willing to engage in this type of behavior cares little for the terms of a website.

Reports indicate that phone numbers and email addresses have been contained in the Instagram source code of selected profiles for several months. The problem was reported to the Instagram tech support team in February of 2019, and was eventually rectified the following March.

In a day and age where personal information is becoming easier and easier for marketing types to find and exploit on the internet, programming and coding errors can only exasperate that problem. This is especially true when that information is relatively easy for hackers with even a rudimentary level of computer skill to obtain, such as the case with the Instagram source code. Another example of this problem involves Google, who recently admitted that it had been storing the passwords of some of their business customers as mere plain text, as opposed to an encrypted format. Practices such as these place the users of such websites at considerable risk for identity theft and fraud, and the companies involved owe it to their users to greatly enhance their security measures and to take greater care with the private information of their many millions of users.

Currently, user contact information is only available for outside viewers on Instagram if the user profile in question has selected the option for outside individuals to contact them through the website. While that is not ideal – as it still puts sensitive personal information out on the web – at least this is by choice and not through a programming and coding error that managed to slip through the cracks. And considering the fact that scraping data from a website is considered relatively easy according to experts, it's best not to give hackers and scammers and an even easier time of it than usual.

Criminals armed with a name, email address, or phone number can do untold damage, believe it or not. That information, combined with other identifying characteristics about you that could be mined from any number of web-based sources, could result in rampant identity theft that could tank your credit rating, leave you responsible for multiple expensive charges, and even more.

It's been said before, and again - in today's day and age of robust and frequent internet activity, it's best to sit back and rethink the information that you make publicly available on the web for all to see; unfortunately, most people don't tend to make this consideration until it is far too late. Just remember, if it's not something you would want a total stranger to know about yourself in real life, you probably shouldn't put it on the web, either.

CompliancePoint Announces White Paper on Data Breach Security Measures: 61% of Breach Victims, Businesses with 1000 Employees

White Paper Shows How System Patching & Vulnerability/Penetration Testing Can Help With Prevention


ATLANTA, GA – CompliancePoint, a leading provider of information security and risk management services focused on privacy, data security, compliance and vendor risk management, announced today a new white paper focused on methods such as system patching and penetration testing used as best practices to prevent a data breach. Nearly a quarter of businesses say it would take them 60 days to detect a breach(1); a recent analysis of breaches shows that smaller companies are just as vulnerable as larger ones.   Click here to download the white paper.


Businesses and Data Management


The frequency of data breaches, like theft, loss or accidental release of private information, is on the rise and this is not just a problem centered around today’s largest companies. Small and mid-sized businesses with fewer data security resources are particularly vulnerable. According to the 2017 Verizon Data Breach Investigations Report, 61% of the data breach victims were businesses with under 1,000 employees. Attacks on smaller businesses can wreak as much damage as the ones making headlines on today’s largest companies.


System patching and vulnerability testing are two proven methods of preventative strategies organizations of every size can utilize in the protection of sensitive data.  With a number of businesses unaware or unable to implement these strategies, CompliancePoint offers tangible implementation techniques for any organization as outlined in the paper.


Vulnerability, Penetration Testing & Implementation


The only way to make sure something is as secure as possible, is to test it regularly. It is wise for any organization storing, processing and/or sharing data to hire an experienced, respectable Vul/Pen expert to test their security structure. Vulnerability scanning and evaluations are equally important inside and outside a security system.


How regular penetration testing helps strengthen security and expose vulnerabilities:


•            Exposes real-world risks and vulnerabilities

•            Encourages trust between stakeholders and protects the organizations bottom line

•            Ensures business continuity by eliminating disruptions

•            Follows regulations and certifications to maintain compliance


“Data security and privacy vulnerabilities can expose any organization to a tremendous amount of risk,” said Greg Sparrow, Vice President and General Manager at CompliancePoint. It’s important to understand the importance of a solid data security plan utilizing these proven methods of prevention apply to businesses of all sizes.  This isn’t just a problem for big corporations.”


To view CompliancePoint’s new white paper: Data Breach Fundamentals For Any Organization: Preparing Your Organization With System Patching, or Vulnerability/Penetration Testing, click here.


About CompliancePoint

CompliancePoint is a leading provider of information security and risk management services focused on privacy, data security, compliance and vendor risk management. The company’s mission is to help clients interact responsibly with their customers and the marketplace. CompliancePoint provides a full suite of services across the entire life cycle of risk management using a FIND, FIX & MANAGE approach. CompliancePoint can help organizations prepare for critical need such as GDPR with project initiation and buy-in, strategic consulting, data inventory and mapping, readiness assessments, PIMS & ISMS framework design and implementation, and ongoing program management and monitoring. The company’s history of dealing with both privacy and data security, inside knowledge of regulatory actions and combination of services and technology solutions makes CompliancePoint uniquely qualified to assist clients.


1: CompliancePoint online survey of data breach issues presented to North American business executives; May 2018.

Add Your Business

Add your business to Yellow Pages Goes Green®

No More Printed Yellow Pages