Just In
Don't Miss
-
Covid19 Impact: Following RBI's Nudge, CMS To Offer Doorstep Cash Delivery To Senior Citizens And Di -
Eicher Group Donates Rs 50 Crore To Fight COVID-19 Pandemic In India -
COVID-19: Maharashtra reports 117 new cases, total count 1135; eight deaths -
Neymar welcome anytime at Barca, says Suarez -
Annaatthe: The Rajinikanth-Siva Project Gets Postponed Again! -
5 Quick And Amazing Ways To Remove Facial Hair At Home During Quarantine -
10 Best Places To Visit In Sikkim In April -
CBSE Academic Calendar 2020-21 For Class 1 To 12
Instagram User Data Exposed By Third Party Boosting Service: Report
Instagram, like most social media platforms, has its share of user data leaks. A report by TechCrunch notes that a social media boosting service called Social Captain has led to Instagram user data leak. Thousands of Instagram usernames, passwords, and other sensitive information were stored in unencrypted plaintext, an easy catch for hackers.
Instagram User Data Exposed
Social Captain is a service that helps users grow their Instagram follower base, a big boost for influencers. The vulnerability on the website could easily be accessed by anyone, surpassing the need for Instagram log in access and credentials. A security researcher, who didn't want to be named, alerted TechCrunch and provided a spreadsheet of nearly 10,000 scraped user accounts.
Social Captain later said that it had fixed the vulnerability and prevented direct access. The report notes that there were 70 premium accounts of paid customers, but many of those premium accounts also contained the customer's billing addresses. What's worse, a website bug allowed access to anyone by simply plugging in a user's unique account ID into the company's web address would grant access to their Social Captain account.
As the account ID is part of the sequential, anyone could access and view the Instagram password, and even change it. It has breached Instagram's terms of service with improper storage of the login credentials. "We are investigating and will take appropriate action. We strongly encourage people to never give their passwords to someone they don't know or trust," an Instagram spokesperson said.
Passwords Still Visible
Even though Social Captain said it fixed the vulnerability, the report notes that passwords and other account information are still visible in the web page source code. Anthony Rogers, chief executive at Social Captain says that the early analysis indicated the issue was introduced during the past couple of weeks when the endpoint meant to facilitate integration with a third-party email service.
It had been temporarily made accessible without token-based authentication. He also noted that users will be alerted if there's a breach after finalizing the internal investigation. In case of a data breach, users would be urged to update their username and password combinations, Rogers said.
In any case, users who have signed up with Social Captain should change their Instagram passwords and credentials. Although Instagram wasn't directly involved in the data mishap, it affects the Facebook-owned social media platform and its users.
-
29,400 -
38,990 -
29,999 -
16,999 -
23,999 -
18,500 -
21,900 -
92,999 -
17,999 -
37,999
-
42,099 -
16,999
-
23,999
-
17,999
-
29,495 -
18,990 -
14,999 -
64,900 -
34,980 -
45,900
-
32,999 -
36,950 -
18,999 -
11,999 -
11,999 -
9,999 -
10,999 -
29,999 -
8,999 -
39,990
