Instagram adds to Facebook’s rash of privacy failures after now-former marketing partner sucked up huge amounts of user data


Man, the folks over at Facebook just cannot catch a break. Facebook-owned Instagram has terminated its relationship with a marketing company called Hyp3r after it was found that the company was ignoring privacy rules and collecting user data it wasn’t supposed to have. What makes this worse is that the company was listed as a preferred Facebook Marketing Partner for the past year.


Hyp3r is “…a location-based marketing platform that helps businesses unlock geosocial data to acquire and engage high-value customers”. In order to secure that info, it appears the company was hoovering up Instagram user data, in violation of Instagram’s rules. Business Insider first broke the news that the marketing company was storing user location data of “millions” of posts. It also saved public Stories — viewing them beyond the 24-hour mark where they’re supposed to expire — and scraped user profile data.

Hyp3r didn’t scoop up any private info but the data it had gathered allowed the company to construct profiles of Insta users that it wasn’t supposed to have. The same way so-called ‘shadow profiles’ work, the firm had harvested enough publicly-available data points to make privacy advocates very nervous. Especially since the company was supposed to have built its own tools to circumvent restrictions in Instagram’s API, according to Business Insider‘s sources.

Instagram didn’t sit around after this information was unearthed. The company told Business Insider that “HYP3R’s actions were not sanctioned and violate our policies. As a result, we’ve removed them from our platform. We’ve also made a product change that should help prevent other companies from scraping public location pages in this way.” Which is a decisive move but it’s one that really shouldn’t have to have been made. Facebook has seen its share of privacy violations in recent years and is supposed to be keeping an eye on events like these.

The other side

The marketing company has denied any wrongdoing. Hyp3r CEO Carlos Garcia said in a statement “Hyp3r is, and has always been, a company that enables authentic, delightful marketing that is compliant with consumer privacy regulations and social network Terms of Services. We do not view any content or information that cannot be accessed publicly by everyone online.”

Which, technically, is correct. However, the company’s collection and collation of user data allow them to build sophisticated profiles of users, that Hyp3r isn’t supposed to have. And those profiles were being touted to its customers. You know, the folks who want to know about Instagram’s users in order to market to them. No matter the company’s protests, the end result is the same. Hyp3r has been removed from Instagram’s Facebook Marketing Partner list and has had its access to the service’s APIs revoked.

Source: Business Insider via Engadget


About Author

Leave A Reply