We traced the database back to Mumbai-based social media marketing firm Chtrbox, which pays influencers to post sponsored content on their accounts. Each record in the database contained a record that calculated the worth of each account, based off the number of followers, engagement, reach, likes and shares they had. This was used as a metric to determine how much the company could pay an Instagram celebrity or influencer to post an ad.

How can this even be news .. Seems one would expect this to happen pretty often with all of the tools and instructions found out in the open on the internet on just how to scrape anything you want.

Some guy goes over to GitHub or Stack Overflow, reads something for 10 minutes, and next thing you know, Badda-Bing-Aint-Nothin-But-A-Thing he's got millions of people's data sitting around on a server somewhere in an unsecure fashion.

I think that what could possibly make this news is that *facebook isn't even a little bit proactive when it comes to preventing these sorts of things from happening - If I didn't know any better, I'd venture to guess that for the increased frequency of these things happening, *facebook might welcome the intrusions.

I have no idea of the legality of the data collected, but, I think the point is that, this company, is keeping its database publicly accessible (so without password, or restriction of some kind). And of-course, I doubt they obtained the explicit consent from the European individuals concerned :)

You're correct, mcneely, we've become numb to the news.
It has become commonplace, but we shouldn't become complacent.
It's not just Facebook, of course.
The real story that doesn't get covered is not just the theft of the data, but the result of the theft. I'm still getting attempts from a theft from 2013. For me, it's easy to deal with, but just an annoyance.

Facebook, Instagram and now Faceapp

All (or most) linked to a single company.

One reason why there's a new interest at the highest levels to take a deep look at FB operations.