Following a shocking expose from Business Insider, major Instagram ad partner Hyp3r has been banned by the platform for tracking millions of users’ locations, saving public Instagram Stories, and automatically scraping user data.
Hyp3r is “an award-winning location-based marketing platform” based out of San Francisco. The marketing firm has raised over $23 millions in funding, and up until yesterday they were identified as a trusted Facebook Marketing Partner. It offers location-based marketing data to brands, allowing, say, a hotel to target ads or interact with you on social media if you posted a photo from their rooftop bar.
The Business Insider report claims that about 90% of Hyp3r’s data comes through Instagram, and so when Facebook removed location tools from its API following the Cambridge Analytica scandal, Hyp3r was in trouble. The company publicly praised Instagram’s decision to protect its users’ privacy, releasing a statement that said Hyp3r, “understand[s] and welcome[s] the changes that Facebook is making to protect the privacy of all of us,” but according to Business Insider‘s sources, the marketing firm immediately got to work bypassing these restrictions behind the scenes.
The violations outlined in the report are threefold. First, Hyp3r took advantage of an Instagram “security lapse” to continue scraping users’ location data; second, the firm saved these users’ public Instagram Stories, which are supposed to disappear after 24 hours; and third, it scraped all of these profiles for publicly available data like follower count.
When Business Insider shared their findings with Instagram, the social network immediately confirmed that Hyp3r had violated its automated data gathering policies, sent Hyp3r a cease-and-desist letter, and banned the firm from its platform. “HYP3R’s actions were not sanctioned and violate our policies,” a spokesperson told BI. “As a result, we’ve removed them from our platform.”
BI says the volume of data that Hyp3r collected in violation Instagram’s terms is “not clear,” but they claim “vast amounts of public user data” were scraped, and Instagram is clearly taking the breach seriously.
To read the full expose—including assurances from Hyp3r that they’ve done nothing wrong by pulling data that can “be accessed publicly by everyone online”—head over to Business Insider. The report blames Instagram for “lax oversight,” while others believe the blamed lies squarely on Hyp3r for finding a way to bypass Instagram’s API updates. Who do you think is to blame?