A comprehensive new report from Business Insider today describes how Hyp3r's marketing startup could use Instagram loophole to provide an incredible amount of information about users. Hyp3r utilized “a combination of configuration errors and unleashed Instagram” to build “detailed profiles of people's movements and interests.”
Sylvania HomeKit Light Strip
Hyp3r describes itself as a “location-based marketing platform. “This means that the primary focus is to track posts in social media that contain location data. Once it collects user data sets, it allows its own customers to target those users with relevant ads.
In simpler terms: Hyp3r is a marketing company that tracks social media posts tagged with real-life sites. Then let customers interact directly with these posts through their tools and use that data to target users on social media with relevant advertising. Someone who visits a hotel and posts a selfie there may later be targeted by places from one of the hotel's competitors, for example.
Today's report explains that Hyp3r used four key tools to scrape data from Instagram users. First, it used an Instagram security hole that made it possible to "reset in specific places" and collect all the posts made from those places. Second: Hyp3r "systematically saved users' public Instagram stories" using that location data. Third, it "scraped the public user profiles on a broad basis, and collected information such as user bios and followers, which it then combined with the other location information."
Finally, Hyp3r used image recognition software on user records to analyze the images included. The result was a database that detailed a wealth of information about Instagram users:
The result of the public information it gathered was a sophisticated database of Instagram users, their interests and their movements that Hyp3r openly identified to customers as one of the keys sells points, despite the fact that Instagram's policies were structured so that nothing would be possible.
In a statement, Instagram said it has both removed Hyp3r from the platform and made changes to prevent this situation from recurring:
“HYP3R's actions were not sanctioned and violated our policies. As a result, we have removed them from our platform. We have also made a product change to help prevent other companies from scraping public site pages in this way, "said a spokesman in a statement.
The full report from Business Insider is definitely worth the read and can be found here.
Subscribe to 9to5Mac on YouTube for more Apple news: