Instagram User Data Exposed By Third Party Boosting Service: Report


Instagram, like most social media platforms, has its share of user data leaks. A report by TechCrunch notes that a social media boosting service called Social Captain has led to Instagram user data leak. Thousands of Instagram usernames, passwords, and other sensitive information were stored in unencrypted plaintext, an easy catch for hackers.

Instagram User Data Exposed: Report


Instagram User Data Exposed

Social Captain is a service that helps users grow their Instagram follower base, a big boost for influencers. The vulnerability on the website could easily be accessed by anyone, surpassing the need for Instagram log in access and credentials. A security researcher, who didn't want to be named, alerted TechCrunch and provided a spreadsheet of nearly 10,000 scraped user accounts.

Social Captain later said that it had fixed the vulnerability and prevented direct access. The report notes that there were 70 premium accounts of paid customers, but many of those premium accounts also contained the customer's billing addresses. What's worse, a website bug allowed access to anyone by simply plugging in a user's unique account ID into the company's web address would grant access to their Social Captain account.

As the account ID is part of the sequential, anyone could access and view the Instagram password, and even change it. It has breached Instagram's terms of service with improper storage of the login credentials. "We are investigating and will take appropriate action. We strongly encourage people to never give their passwords to someone they don't know or trust," an Instagram spokesperson said.

Instagram User Data Exposed: Report


Passwords Still Visible

Even though Social Captain said it fixed the vulnerability, the report notes that passwords and other account information are still visible in the web page source code. Anthony Rogers, chief executive at Social Captain says that the early analysis indicated the issue was introduced during the past couple of weeks when the endpoint meant to facilitate integration with a third-party email service.

It had been temporarily made accessible without token-based authentication. He also noted that users will be alerted if there's a breach after finalizing the internal investigation. In case of a data breach, users would be urged to update their username and password combinations, Rogers said.

In any case, users who have signed up with Social Captain should change their Instagram passwords and credentials. Although Instagram wasn't directly involved in the data mishap, it affects the Facebook-owned social media platform and its users.

Most Read Articles
Best Mobiles in India

Read More About: news apps instagram data

Best Phones

Get Instant News Updates
Notification Settings X
Time Settings
Clear Notification X
Do you want to clear all the notifications from your inbox?
Yes No
Settings X