social network

BI: Instagram advertising partner collected data on the geolocation and “history” of millions of users, bypassing the rules of the service

The company sold this data to target ads by location.

Startup HYP3R collected data on the geolocation of millions of Instagram users, and also secretly stored their “stories” and other data, bypassing the rules of the service. The company took advantage of configuration errors and weak control by the social network. This was reported by Business Insider with reference to former startup employees.

As noted in the publication, it is not yet clear how many users were affected. The company has publicly stated that it has “a unique dataset of hundreds of millions of the most valuable consumers in the world.” One of the BI interlocutors said that HYP3R received 90% of the data from Instagram and processed up to a million publications per month.

After the appeal of journalists, Instagram representatives sent a pre-trial claim to HYP3R. The social network admitted that the startup acted in circumvention of the rules and limited its access to the platform.

HYP3R actions have not been authorized and violate our policies. As a result, we removed them from our platform. We have also made product changes to help prevent other companies from collecting geolocation data in this way.Instagram representatives

HYP3R told reporters that they did not violate the rules of the social network. The CEO of the company Carlos Garcia (Carlos Garcia) believes its actions are legal and is confident in the early resolution of any problems with Instagram.

HYP3R has been and always will be a company that provides genuine, delightful marketing that complies with consumer privacy rules and social media terms of use. We do not view any content or information that is not accessible to everyone.Carlos GarciaCEO HYP3R

According to BI, HYP3R only collected data from open profiles. The company did not have access to any non-public information. At the same time, a startup collected data bypassing the rules in at least three different ways.

How HYP3R collected data from Instagram

  • The security error of the service allowed the company to focus on specific locations like hotels and fitness rooms. The company collected all public records from these places;
  • HYP3R systematically saved user stories from locations of interest to the company. Including the company collected personal photos from the “stories”;
  • The startup also collected public information from users, including subscriber information and a biography. These data were combined with information from other sources and geolocation.

The collected data was processed using image recognition systems. In this way, the company also studied the contents of the photographs.

Screenshot from HYP3R promo video with system interface for Caesars Entertainment client

How HYP3R circumvented Instagram restrictions

Journalists recalled that before the situation with Cambridge Analytica Instagram allowed to collect geolocation data through the API, but then this feature was removed. HYP3R publicly welcomed the changes, but according to former employees, the company actually developed ways to circumvent restrictions.

The result was a tool that allows you to “geofence” locations and collect all available publications from a specific place. According to sources, the company has collected data from thousands of locations, including hotels, casinos, cruise ships, fitness clubs, stadiums and places for shopping. When a picture was published in one of these places, the data was automatically stored in the HYP3R systems for an indefinite period.

A key element of data collection was an undocumented feature of the service that became a public JSON package that combined information into a convenient format for processing. It remained available even after changes in the official API – just add a few characters to the URL of the web version.

An example of information available from a JSON package: geolocation is highlighted in red, a direct link to an image is highlighted in orange, a signature for publication is yellow, and a unique code for each entry is green.

In the case of “stories,” the company developed its own way of collecting data, since Instagram never connected them to the official API. Interlocutors of BI claim that HYP3R saved images along with “available metadata”.

How to use the data

All data in total allowed us to create a digital user profile with habits and movements. Customers can use the information in several ways.

For example, use the Engagement tool, which allows companies like Marriott to see and respond to all posts from her hotels, including comments and likes. In applications built on the official API, this is not possible.

Data can also be combined with information from other places and capitalize a customer profile. In addition, companies can customize ads based on user posts on Instagram.

Digital user profile based on collected data

Who is behind the HYP3R

As noted in BI, HYP3R is not a secretive organization. The company has been operating since 2015 and openly talked about its achievements in the field of data collection, and among its customers were companies like Pepsi and Hard Rock.

The startup was considered one of the most successful in Silicon Valley. He received an investment of $ 17.3 million in September 2018 from Silicon Valley Bank and Thayer Ventures. One of the members of the HYP3R board of directors is Jim Messina, a former assistant to Barack Obama.

In 2018, Instagram called HYP3R one of the “preferred marketing partners.” The company also won an award at the Cannes Lions Festival in 2017 and received the Fastest Most Innovative Company title in 2018 and 2019.

Back to top button