Instagram on Monday was trying to figure out how private contact information for millions of influential users of the service was amassed in an unguarded online database.
The online cache of data discovered by a security researcher was first written about by news site TechCrunch, which reported that it was traced back to Mumbai-based social media marketing firm Chtrbox.
"We're looking into the issue to understand if the data described - including email and phone numbers - was from Instagram or from other sources," Instagram said in an email reply to an AFP inquiry.
"We're also inquiring with Chtrbox to understand where this data came from and how it became publicly available."
Scrapping information from Instagram accounts is against policies at the photo and video-centric social network owned by Facebook.
Chtrbox did not reply to a request for comment.
Chtrbox pays "influencers" to post sponsored content on their accounts.
The database was said to include email addresses and phone numbers as well as public information from account profiles.
The database was reported to lack a password or encryption, and was said to have more than 49 million records in it before being taken offline after a query was made to Chtrbox.
At its website, Chtrbox describes itself as a platform for brands to collaborate with influential social media characters in India.