Just In
- 3 hrs ago
Amazon Great Republic Day Sale 2021: Discount Offers On Premium Smartphones
- 8 hrs ago
Realme X9 Pro Likely Under Development: A New 5G Flagship?
- 11 hrs ago
Flipkart And Amazon Republic Day Sale: Discount Offers On iPhone 11, iPhone XR, iPhone 12 Mini, And More
- 11 hrs ago
Realme Race Appears At EEC Database; Three Other Models Get Certified As Well
Don't Miss
- News
'No time to waste': Joe Biden posts first tweet as US President
- Movies
Bigg Boss 14 January 20 Highlights: Devoleena Loses Cool After Nikki Comments On Her 'Me Too' Incident
- Sports
Malinga announces retirement from franchise cricket
- Finance
Should You Bet On Banking Stocks In 2021?
- Education
IBPS PO Prelims Scorecard 2020 Released
- Automobiles
Skoda Kushaq Teased On Website Ahead Of India Launch: Here Are All Details
- Travel
10 Best Places To Visit In Sikkim In January 2021
- Lifestyle
Ananya Panday Turns ‘Wannabe Kendall Jenner’ As She Strikes Quirky Poses In Subtle Makeup And Top Knot Bun
Instagram User Data Exposed By Third Party Boosting Service: Report
Instagram, like most social media platforms, has its share of user data leaks. A report by TechCrunch notes that a social media boosting service called Social Captain has led to Instagram user data leak. Thousands of Instagram usernames, passwords, and other sensitive information were stored in unencrypted plaintext, an easy catch for hackers.
Instagram User Data Exposed
Social Captain is a service that helps users grow their Instagram follower base, a big boost for influencers. The vulnerability on the website could easily be accessed by anyone, surpassing the need for Instagram log in access and credentials. A security researcher, who didn't want to be named, alerted TechCrunch and provided a spreadsheet of nearly 10,000 scraped user accounts.
Social Captain later said that it had fixed the vulnerability and prevented direct access. The report notes that there were 70 premium accounts of paid customers, but many of those premium accounts also contained the customer's billing addresses. What's worse, a website bug allowed access to anyone by simply plugging in a user's unique account ID into the company's web address would grant access to their Social Captain account.
As the account ID is part of the sequential, anyone could access and view the Instagram password, and even change it. It has breached Instagram's terms of service with improper storage of the login credentials. "We are investigating and will take appropriate action. We strongly encourage people to never give their passwords to someone they don't know or trust," an Instagram spokesperson said.
Passwords Still Visible
Even though Social Captain said it fixed the vulnerability, the report notes that passwords and other account information are still visible in the web page source code. Anthony Rogers, chief executive at Social Captain says that the early analysis indicated the issue was introduced during the past couple of weeks when the endpoint meant to facilitate integration with a third-party email service.
It had been temporarily made accessible without token-based authentication. He also noted that users will be alerted if there's a breach after finalizing the internal investigation. In case of a data breach, users would be urged to update their username and password combinations, Rogers said.
In any case, users who have signed up with Social Captain should change their Instagram passwords and credentials. Although Instagram wasn't directly involved in the data mishap, it affects the Facebook-owned social media platform and its users.
-
21,999
-
1,04,999
-
44,999
-
64,999
-
54,535
-
1,17,900
-
44,999
-
86,999
-
59,499
-
49,990
-
20,699
-
49,999
-
11,499
-
44,999
-
7,999
-
8,980
-
17,091
-
10,999
-
34,999
-
39,600
-
22,590
-
24,500
-
14,500
-
22,000
-
29,370
-
20,556
-
15,862
-
43,065
-
10,865
-
44,999