Busted: Instagram influencer with 40 million followers uses Russian Zeus bot

Security researchers have come across an open Cassandra database instance that probably contained data from the Russian website instarobot.pro. The website is known for offering services for spamming and botting on Instagram under the name Zeus. The records also included a reference to an Instagram influencer with 40 million followers using the Russian Zeus bot.



Followers are everything on social media platforms – it has to be at least a million. I'm always amazed when I see the numbers – I am orphaned there with ~ +/- 1,000 on Twitter, Facebook, etc. That's why the case currently uncovered has already caught my eye.

The Zeus data leak

On October 7, the Cybernews research team discovered an open Cassandra instance storing private data from instarobot.pro. Cassandra is a simple distributed database management system for very large structured data. It is designed for high scalability and resilience for large distributed systems. Data is stored in key-value relationships. It is openly documented and implemented in Java.

The Russian-language website instarobot.pro offers services that enable spamming and botting on Instagram under the brand name Zeus. The tools provided by Zeus enable users to analyze Instagram accounts, buy fake likes and comments, mass-view Stories, mass-follow accounts, and auto-reply to direct messages (DMs). The use of such tools is generally considered a violation of Instagram's Terms of Service and may negatively impact users.

What the database contained

The database contained a wealth of private information about customers of the Russian Zeus platform, such as who purchased botting services and for which accounts.

  • The database contained full messages sent through the service, along with details on sender and recipient accounts, message content and timestamps.
  • It also included statistics for 16k affiliate links posted by bots. This included information on how many people clicked on the links, how many of them registered for an account and how much they were paid for using that affiliate link.
  • The database also included account-creation confirmation emails, which contained customers' email addresses.

The information found in the unsecured database shows that some of the high-profile Instagram accounts are most likely using bot services. Some of the Instagram accounts have up to 40 million followers. In addition, the data shows that Zeus has used at least 443,000 different bot accounts.



While the Zeus bot service most likely targets Russian customers, the leaked social accounts included those allegedly based in Spain, Poland and the United Kingdom, as well as countries in Latin America. The details can be read in this Cybernews article. Cybernews has been trying to contact instarobot.pro for five months. As of the time of writing the linked article, the service provider had not responded. Nor had it closed the open instance.

