The target: Instagram, a Facebook-owned picture-sharing social network.
The take: 49 million user records, including name, number of followers, location, phone number and e-mail addresses.
The attack vector: An AWS database belonging to social media marketing firm Chtrbox was discovered to be publicly exposed and accessible to anyone with an internet connection.