Gizbot Logo Gizbot Logo Light
A Oneindia Venture
Get Updates
Get notified on the latest car launches, bike deals, and insights!

Choose Language

Home
News

Instagram User Data Exposed By Third Party Boosting Service: Report

By
Add as a preferred source on Google

Instagram, like most social media platforms, has its share of user data leaks. A report by TechCrunch notes that a social media boosting service called Social Captain has led to Instagram user data leak. Thousands of Instagram usernames, passwords, and other sensitive information were stored in unencrypted plaintext, an easy catch for hackers.

Instagram User Data Exposed: Report

Instagram User Data Exposed

Social Captain is a service that helps users grow their Instagram follower base, a big boost for influencers. The vulnerability on the website could easily be accessed by anyone, surpassing the need for Instagram log in access and credentials. A security researcher, who didn't want to be named, alerted TechCrunch and provided a spreadsheet of nearly 10,000 scraped user accounts.

Social Captain later said that it had fixed the vulnerability and prevented direct access. The report notes that there were 70 premium accounts of paid customers, but many of those premium accounts also contained the customer's billing addresses. What's worse, a website bug allowed access to anyone by simply plugging in a user's unique account ID into the company's web address would grant access to their Social Captain account.

As the account ID is part of the sequential, anyone could access and view the Instagram password, and even change it. It has breached Instagram's terms of service with improper storage of the login credentials. "We are investigating and will take appropriate action. We strongly encourage people to never give their passwords to someone they don't know or trust," an Instagram spokesperson said.

Instagram User Data Exposed: Report
source  

Passwords Still Visible

Even though Social Captain said it fixed the vulnerability, the report notes that passwords and other account information are still visible in the web page source code. Anthony Rogers, chief executive at Social Captain says that the early analysis indicated the issue was introduced during the past couple of weeks when the endpoint meant to facilitate integration with a third-party email service.

It had been temporarily made accessible without token-based authentication. He also noted that users will be alerted if there's a breach after finalizing the internal investigation. In case of a data breach, users would be urged to update their username and password combinations, Rogers said.

In any case, users who have signed up with Social Captain should change their Instagram passwords and credentials. Although Instagram wasn't directly involved in the data mishap, it affects the Facebook-owned social media platform and its users.

Comments

More from GizBot

Best Mobiles in India

Story first published: Friday, January 31, 2020, 13:52 [IST]
Other articles published on Jan 31, 2020

Explore the latest in technology, gadgets, and innovation. Stay updated with smartphone launches, reviews, comparisons, and expert insights.

Learn More

About Us
Contact Us
Feedback
Grievance

Terms & Policies

Terms of Service
Privacy Policy
Code of Business
Cookie Policy
Corrections Policy

© 2025 Greynium Information Technologies Pvt. Ltd.

All Rights Reserved.

Notifications
Settings
Clear Notifications
Notifications
Use the toggle to switch on notifications
  • Block for 8 hours
  • Block for 12 hours
  • Block for 24 hours
  • Don't block
Gender
Select your Gender
  • Male
  • Female
  • Others
Age
Select your Age Range
  • Under 18
  • 18 to 25
  • 26 to 35
  • 36 to 45
  • 45 to 55
  • 55+
Sign Out
X