A Major New Report from Business Insider today describes how marketing starter Hyp3r has been able to gather an incredible amount of user information through Instagram gaps. Hyp3r used "a combination of configuration errors and careless control through Instagram" to create "detailed profiles of people's movements and interests".
Sylvania HomeKit Light Strip
Hyp3r describes itself as a "location-based marketing platform". That means his focus is on tracking social media posts that contain location data. Once records have been collected by users, their own customers can target those users with relevant advertisements.
More simply, Hyp3r is a marketing company that tracks social media posts that have real-world locations. Then, customers can use their tools to interact directly with these posts and use that data to engage social media users with relevant ads. Someone who visits a hotel and publishes a selfie could later be approached, for example, with pitches of a competitor of the hotel.
Today's report states that Hyp3r has used four key tools to remove data from Instagram users. First, it used an Instagram vulnerability that allowed it to focus on specific places and collect all the posts created from those places. Second, Hyp3r systematically "stored users' public Instagram stories" and used that location data again. Third, "broad-based public user profiles were collected and information such as user bios and followers were collected, which were then combined with the other location information."
Finally, Hyp3r used image recognition software for user contributions to analyze these images. The result was a database with a wealth of information about Instagram users:
The result of public information was a sophisticated database of Instagram users, their interests and their movements, which Hyp3r presented to customers as one of their key selling points, despite the fact that Instagram's policies were structured so that it was not possible.
In a statement, Instagram stated that it had removed Hyp3r from its platform and made changes to prevent it from reoccurring:
"The actions of HYP3R were not sanctioned and violated our policies. That's why we removed them from our platform. We also made a product change to prevent other companies from scraping public sites' sites, a spokesperson said in a statement.
The full report of Business Insider is absolutely valuable reading and can be found here.
Subscribe to 9to5Mac on YouTube for more Apple News: