City, November 14, 2024 – A threat actor known as YoursData” has claimed to have scraped 540 million lines of Instagram data, raising significant concerns over user privacy and data security. The announcement was made on a popular dark web forum, where the actor indicated that the data includes both public and hidden details from the platform.
The scraped data reportedly encompasses usernames, full names, follower and following counts, account creation dates, biographies, external URLs, account categories, and locations. Cyber Daily’s analysis suggests that this could put over 540 million Instagram users at risk, which represents more than a quarter of the platform’s 2 billion monthly active users.
Initially, the threat actor reported 489 million lines of data, but subsequent updates indicated that the volume had increased to 540 million. YoursData has set a price of $5,000 for the complete dataset, although specific pricing for individual countries remains undisclosed. The actor also shared over 100 sample records, which CyberNews analyzed, concluding that the data appeared authentic, although some email addresses were not found in previous breaches, raising questions about the scrape’s legitimacy.
This incident comes amid ongoing scrutiny of Meta, Instagram’s parent company, which has faced allegations from Australian authorities regarding its own data scraping practices. Meta has been accused of scraping data from Australian users across its platforms, including Facebook, Instagram, Messenger, and WhatsApp, to train its AI systems, without offering an opt-out option to those users. Meta’s global privacy director, Melinda Claybaugh, confirmed that data from public accounts could be collected, a practice that contradicts the company’s stated policies against unauthorized data scraping.
Claybaugh acknowledged that unless users have set their posts to private since 2007, Meta has collected data from all public posts, including those of minors, raising further ethical concerns. Despite these practices, Meta maintains that scraping its data without permission is a violation of its terms and conditions and has established an External Data Misuse (EDM) team to combat data scraping.
The revelation of this massive data scrape highlights ongoing vulnerabilities in social media platforms and underscores the critical need for enhanced data protection measures to safeguard user information.
