The database was stored on a server and was not protected by a password, leaving it vulnerable and accessible by anyone.
According to US site TechCrunch, which first reported the incident, the database contained more than 49 million records, including private contact information such as an Instagram account owners’ email addresses and phone numbers.
The report said the majority of accounts belonged to influencers, celebrities and brands, and was traced to an Indian marketing company called Chtrbox.
In a statement, Facebook-owned Instagram said it was still looking into the incident.
“We are investigating whether a third party improperly stored Instagram data, in violation of our policies,” an Instagram spokesman said.
“It’s also not clear whether the phone numbers and emails in Chtrbox’s database came from Instagram.
“Regardless, the possibility of third parties mishandling user data is something we take seriously, which is why we’re quickly working to understand what happened.”
The database was taken offline shortly after it was discovered, TechCrunch’s report said, and the firm has not commented on the incident.
The Mumbai-based company describes itself on its website as “the leading platform for brands to discover and collaborate with all kinds of talented influencers in India”.
Facebook has been at the centre of several data scandals involving the third-party use or mishandling of personal user data, most notably the Cambridge Analytica incident in 2018.