A marketing company from San Francisco, U.S.A., collected the posts and data of millions of Instagram users due to a fault in the site’s security system and its lack of surveillance.
The firm, Hyp3r, was an official Facebook Marketing Partner, but the platform has cut all collaboration since the disclosure of the leak by the Business Insider news site.
Hyp3r collected data from Instagram public profiles on location data bases. Photos and videos shared from a given location automatically linked the firm to profile photos, profile data and subscriber numbers. The posts were saved for an indeterminate period, even those that are normally visible for only 24 hours on Instagram profiles. Hyp3r did not collect data from protected profiles.
Details of the data stored by the firm are still not known. Hyp3r had indicated that it had a single data base of hundreds of millions of “the most precious clients” in the world. According to former Hyp3r staff, the firm collected over 90% of its data through Instagram and reportedly stocked more than a million posts per month.
With this data, Hyp3r has been selling an advertising tool to companies which, as a result, are able to do targeted marketing based on location databases and known preferences.
An Instagram spokesman told Business Insider that Hyp3r’s method had not been approved and was not in keeping with Instagram’s policy. As a result, the firm was removed from Instagram’s platform.
Hyp3r CEO Carlos Garcia maintained that his company did no wrong and operated in compliance with the social network’s rules of confidentiality and conditions of use. He added that Hyp3r did not visualise content or information that was not accessible to the public.