A massive, unsecured database with private information of Instagram influencers, celebrities and brand accounts was discovered online and traced to Mumbai-based social media marketing firm Chatterbox, reports TechCrunch. The database was hosted by AWS, wasn’t password protected, and contained at least 49 million records. It contained public data scraped from public influencer accounts on Instagram, including their bio, profile picture, follower counts, whether they’re verified, and their location by city and country. However, it also contained influencers’ private information, including email addresses and phone numbers.

Discovered by security researcher Anurag Sen, the database also showed the value of each account, based on the number of followers, engagement, reach, likes and shares they had. This was used to determine how much Chtrbox should pay each influencer/celebrity. Chrtbox has now pulled the database offline. TechCrunch reports that it found several “high profile influencers” in the database, including prominent food bloggers, celebrities, and other social media personalities.

Celebrities’ data leaked before

About two years ago, hackers used an Instagram bug to scrape phone numbers and email addresses of 6 million Instagram accounts and sold the information online. Around 1,000 celebrities and verified users were targeted. The hackers also managed to scrape the information of unverified users and sold the data, charging $10 an inquiry via bitcoin.