The last thing anyone wants is their personal information leaked online, but that’s exactly what happened to some Instagram users.

Recently, a database containing the information of millions of Instagram influencers was discovered online by security researcher Anurag Sen, TechCrunch reported.

The database was hosted on Amazon Web Servers and left wide open for people to view. It contained as many as 49 million records with public information scrapped from users’ accounts such as their bio, profile picture, and follower counts. However, the database also included personal information such as email addresses, phone numbers, and sometimes locations.

TechCrunch traced the database to Chtrbox, a Mumbai-based social media marketing firm. The company’s site claims it helps influencers with “campaigns and sponsorships from some of the best brands, agencies & startups.”

Each of the records discovered in the database included the calculated worth of each account, based on engagement, followers, and other factors. According to TechCrunch, that was used as a metric to determine how much the company would pay an Instagram influencer to post an ad.

When contacted by TechCrunch, Chtrbox deleted the database but declined to comment. An Instagram spokesperson told Engadget that the company is looking into the issue to see if the data came from Instagram directly or other sources.

“We’re also inquiring with Chtrbox to understand where this data came from and how it became publicly available,” the spokesperson said.

Instagram is no stranger to leaked data or other security issues. In March, Facebook — Instagram’s parent company — confirmed it stored millions of passwords in plain text.

Facebook has faced increasing pressure to improve their security practices, but it’s clear that the company also needs to do the same with Instagram.