Business Insider reports that marketing startup Hyp3r was able to use Instagram loopholes to garner a huge amount of information about users.
Hyp3r took advantage of “a combination of configuration errors and lax oversight by Instagram” to build “detailed profiles of people’s movements and interests,” according to the report.
Hyp3r describes itself as a “location-based marketing platform.” This means that its primary focus is on tracking social media posts that include location data. Once it collects datasets of users, it lets its own customers target those users with relevant advertisements.
Although the information in stories is intended to vanish within 24 hours, the marketing company was capturing and saving it, in violation of the social media platform’s rules.
Facebook, which owns Instagram, sent Hyp3r a cease-and-desist letter after the marketing company’s activities were uncovered by Business Insider.
The social media giant could face a fine of up to 4% of its global turnover if it fails to inform users and the regulator of a data breach within 72 hours of that breach being discovered.
Last year the Information Commissioner’s Office in the UK fined Facebook £500,000 for the “serious breach of data protection law” which occurred when it inappropriately shared the information of 87 million users with Cambridge Analytica.
Hyp3r has denied breaking Instagram’s terms of service, according to Business Insider.
Facebook’s terms of service state: “You may not access or collect data from our products using automated means (without our prior permission) or attempt to access data you do not have permission to access.”
Instagram’s terms of service are similar: “You can’t attempt to create accounts or access or collect information in unauthorised ways. This includes creating accounts or collecting information in an automated way without our express permission.”
The marketing company’s chief executive Carlos Garcia told Business Insider: “Hyp3r is, and has always been, a company that enables authentic, delightful marketing that is compliant with consumer privacy regulations and social network terms of services.
“We do not view any content or information that cannot be accessed publicly by everyone online,” he added.
Read the Business Insider report here.