Instagram is again in the news headlines for poor data handling. A recent report found that users who signed up for Social Captain, a media boosting service, are victims of a data breach. This means the personal details of thousands of Instagram users who use Social Captain are at stake.
According to a report published in TechCrunch, Social Captain is storing Instagram account passwords in unencrypted plaintext. Data scientist and business consultant David Stier discovered that the source code for some of the user profiles on Instagram included the account holder’s contact information whenever it loaded in a web browser.
The contact information wasn’t on display on the profiles of the Instagram account holders when opened on the desktop version of Instagram’s website. However, it was used by Instagram’s app for communication.
“A security researcher, who asked not to be named, alerted TechCrunch to the vulnerability and provided a spreadsheet of about 10,000 scraped user accounts,” said the report. About 70 accounts were premium accounts of paid customers.
According to Adam Brown, Manager, Security Solutions, at Synopsys Software Integrity Group, design flaws are the cause of approximately 50 percent of all software vulnerabilities. “They are seldom detected without performing a design review as this activity requires select expertise. That said, in this case, a penetration test should have easily identified this flaw,” Brown told IANS.
“This is especially bad for affected users not just because their Instagram passwords are now breached, but also due to the fact that people commonly reuse passwords which could lead to unauthorized access of additional accounts by extension,” he elaborated.
Last year, Instagram was in trouble over a leak of the personal data of millions of influencers and celebrities by a social media marketing firm based out of Mumbai. The leaked database contained approximately 49 million records of high-profile influencers.
In 2017, a bug in Instagram led to the leak of personal details of more than 6 million celebrity users, including Taylor Swift and Kim Kardashian. The stolen information was later dumped into a database and reportedly sold for $10 per record in Bitcoin.
“We are investigating and will take appropriate action. We strongly encourage people to never give their passwords to someone they don’t know or trust,” an Instagram spokesperson was quoted as saying.
We request users who have already signed up on Social Captain to increase their followers to change their Instagram passwords immediately.