A controversial report from Business Insider has highlighted how one of Instagram’s marketing partners, a small startup based in the USA, has manager to gather millions of users’ data without them being aware. Shockingly, this includes data from Stories, which are supposed to vanish after a short time. The company in question is called HYP3R and they’ve already been sent a cease and desist letter by Facebook.

Describing itself as a ‘location-based marketing platform’, the company named HYP3R told Business Insider that it didn’t break any guidelines in the methods used to collect user data. But according to the T&Cs of both Facebook and Instagram, partner companies are forbidden from gathering user data using ‘automated means’ unless they have permission from the social media company.

Since the discovery came to light, the marketing company has been banned from using Instagram’s platform for advertising. However, this was not before the company managed to siphon off the personal data belonging to millions of users across a period of roughly a year, according to the source from Business Insider.

Thus far, the Facebook-owned company hasn’t revealed any details around how many users have been affected by the data breach, and supposedly an investigation is still underway to work out the true volume of the problem.

According to the Business Insider report, HYP3R managed to scrape data from users’ Stories, time-limited status updates that disappear after 24 hours. But the company was able to save the Stories and identify user locations including gyms and hotels. The company also gathered personal data from publicly-accessible profiles, including user biographies and information about followers. HYP3R also used image-recognition technology to determine what was happening in user’s uploaded photographs.

‘HYP3R’s actions were not sanctioned and violate our policies (…) as a result, we’ve removed them from our platform. We’ve also made a product change that should help prevent other companies from scraping public location pages in this way.’

Facebook spokesperson

This news comes as no major surprise; it seems like we’re seeing more and more data breaches like this popping up in the news. And many of them seem to be related to the Facebook and Instagram platforms.

If you’re worried about security, consider that many people have already chosen to deactivate their Facebook accounts in the past. Even if your account is secure, you can’t guarantee that another third-party company won’t carry out some unauthorised data collection such as this instance.

If you have any other questions about online data security and how to choose a strong password, then get in touch with WiseGuys on 0808 123 2820.