Millions of Instagram influencers were at risk of being hacked after a database of their personal information was found online.
The database was stored on a service and was not protected by any password, leaving it vulnerable and accessible to anyone.
According to US website TechCrunch, which first reported the incident, the details of more than 49 million users, including private contact information such as email addresses and phone numbers, were all easily accessible.
The majority of the accounts were that of influencers, celebrities and brands, according to the report. The link was traced back to Indian marketing firm called Chrtbox.
Facebook-owned Instagram said it was looking into the incident.
In a statement, an Instagram spokesman said: “We are investigating whether a third party improperly stored Instagram data, in violation of our policies.
“It’s also not clear whether the phone numbers and emails in Chtrbox’s database came from Instagram.
“Regardless, the possibility of third parties mishandling user data is something we take seriously, which is why we’re quickly working to understand what happened.”
The database was taken offline shortly after it was discovered, TechCrunch’s report said, and the firm has not commented on the incident.
The Mumbai-based company describes itself on its website as “the leading platform for brands to discover and collaborate with all kinds of talented influencers in India”.
Facebook has been at the centre of several data scandals involving the third-party use or mishandling of personal user data, most notably the Cambridge Analytica incident in 2018.