A vast array of private data, apparently focused on Instagram users, was found on the internet and left unsecured so that anyone who accessed it could read what was inside.
The record included the personal information of 49 million people before it was shut down, according to Techcrunch, which first reported the breach. It contained publicly available information scraped from their Instagram accounts – such as their profiile picture and location – but also personal and private data, such as their email address and phone number.
It also included details of the reach and engagement of users' posts, which was used to generate a financial value for account holders to decide how much they could be paid for advertising.
It included the information of several high profile people and using the contact information inside the document did allow people to speak with them, Techcrunch reported.
The trove of data appears to have been generated by a social media marketing firm, which allows people to be paid to be post sponsored content and ads onto their Instagram accounts.
The database has now been taken offline after its existence was discovered by a security researcher.
It is still not clear how the marketing firm – which is not part of Instagram – was able to generate such a vast amount of data. Instagram has admitted in the past that it has mistakenly allowed people to scrape private information from people's accounts, though it is not clear whether the new information came from such a hack.
Facebook said that it was trying to find the source of the information and how it was made public. The Indian marketing firm accused of making it available is yet to comment.