A combination of configuration errors and lax oversight by Instagram allowed one of the social network's vetted advertising partners to misappropriate vast amounts of public user data and create detailed records of users' physical whereabouts, personal bios, and photos that were intended to vanish after 24 hours.
| | A combination of configuration errors and lax oversight by Instagram allowed one of the social network's vetted advertising partners to misappropriate vast amounts of public user data and create detailed records of users' physical whereabouts, personal bios, and photos that were intended to vanish after 24 hours.
The profiles, which were scraped and stitched together by San Francisco-based marketing firm HYP3R, were a clear violation of Instagram's rules. Yet it all occurred under Instagram's nose for the past year by a firm that Instagram had blessed as one of its "preferred marketing partners."
Business Insider spoke to multiple former employees of HYP3R to learn about its practices, and reviewed public documents and marketing materials that outline its capabilities.
The total volume of Instagram data HYP3R has obtained is not clear, though the firm has publicly claimed to have "a unique dataset of hundreds of millions of the highest value consumers in the world," and sources say more than of 90% of its data came from Instagram. It ingests in excess of one million Instagram posts a month, sources say.
On Wednesday, Instagram sent HYP3R a cease and desist letter after being presented with Business Insider's findings, and confirmed that the startup broke its rules.
|
|
| |
|
|