The database, which was hosted by Amazon Web Services and contains more than 49 million records, was accessible without a password or other credentials, according to the security researcher who informed TechCrunch about the leak.
Records include public data retrieved from Instagram such as profile picture, biography and follower numbers, as well as private contact information such as phone numbers and email addresses.
Records also calculated the "value" of each account based on follower count, engagement, reach, likes, and shares.
The database was originally uploaded and shared by Mumbai-based social media marketing company Chtrbox. Chtrbox is a company that pays Instagram influencers to share sponsored content. Although uploaded by Chtrbox, the database contains information from influencers who have never collaborated with the company.
TechCrunch found several prominent influencers in the exposed database, including prominent food bloggers, celebrities, and other social media influencers.
We randomly contacted several people whose information was found in the database and gave them their phone numbers. Two of the people answered and confirmed that their email address and the phone number found in the database were used to set up their Instagram accounts. Both had no involvement in Chtrbox, they said.
After a message from TechCrunch Chtrbox put the database offline, but the company's CEO did not respond to a request for comments on how the data was obtained.
Instagram's Facebook parent claimed to investigate the problem and determine if the data came from Instagram or other sources. "We also ask Chtrbox where this data came from and how it became publicly available," said Facebook.