Facebook-owned Instagram on Wednesday sent a cease and desist letter to Hyp3r, a San Francisco marketing startup that was found to be improperly collecting data from users.
As reported by Business Insider, Hyp3r created tools that allowed it to collect public Instagram data, including user posts, profile information and locations they visited. That data could then be used by Hyp3r's clients to target people with ads, the report says. Among other information, Hyp3r collected and stored data from Instagram Stories, which disappear after 24 hours and are not accessible through tools Instagram makes available to third parties.
"Hyp3r's actions were not sanctioned and violate our policies," an Instagram spokesperson told CNBC. "As a result, we've removed them from our platform. We've also made a product change that should help prevent other companies from scraping public location pages in this way."
Hyp3r was exploiting an Instagram feature that allowed anybody to see information on public Location pages, even if they weren't logged into Instagram at the time. Instagram did this in part to showcase material on the service and ensure that it showed up in Google search results. Moving forward, Instagram is closing off access to these Location pages unless a users logged into the service.
Hyp3r told CNBC that it did not break Instagram's rules.
"Hyp3r is, and has always been, a company that enables authentic, delightful marketing that is compliant with consumer privacy regulations and social network Terms of Services. We do not view any content or information that cannot be accessed publicly by everyone online."
This incident comes after Facebook's March 2018 Cambridge Analytica scandal, in which a political consulting firm accessed the data of 87 million Facebook users without authorization, setting off a wave of negative publicity related to how Facebook collects, stores and secures information about users.