Instagram let a marketing company scrape users’ location data

Speaking at the 2019 F8 developers’ conference, Mark Zuckerberg assured the gathered crowd that “the future is private.” Apparently, he forgot to pass that message along to Facebook-owned Instagram. 

According to Business Insider, “lax oversight” at the social media service permitted San Francisco-based marketing company HYP3R to scrape location data on millions of Instagram users in violation of the app’s rules. Notably, Instagram only did something about this after Business Insider flagged the abuse. 

“HYP3R’s actions were not sanctioned and violate our policies,” an Instagram spokesperson told the publication. “As a result, we’ve removed them from our platform.” 

HYP3R describes itself as “a location-based marketing platform that helps businesses unlock geosocial data to acquire and engage high-value customers.”

The company’s website touts endorsements from the likes of PepsiCo, Hard Rock International, and Marriott International. 

The marketing firm denies violating Instagram’s rules, and insisted to Business Insider that this will all be cleared up shortly. 

Importantly, the information that HYP3R allegedly gathered and collated into profiles was all shared publicly. It reportedly included location information, profile information, follower lists, and Instagram Stories — the latter of which are typically intended to disappear after 24 hours. 

HYP3R was listed as one of Instagrams “preferred marketing partners” — a fact that might be revealing if Facebook hadn’t already shown itself to be a company with preferences that don’t include user privacy.