Owned by the social media giant Facebook, the US-based photo and video-sharing social networking service, Instagram has become one of the most trending topics on Twitter after a social media booting startup called Social Captain, which helps users to grow their followers, leaked thousands of account details for potential hackers.
The users of this social media platform, which was launched in 2010, now became vulnerable to hacking after third party database leak. Here it should be noted that the work of Social Captain includes storing passwords of linked Instagram accounts in unencrypted plaintext. And now after the leak, anyone can access to any Social Captain user's profile without having to log in and access their Instagram login credentials.
The Instagram leak
As reported by the TechCrunch, an unnamed security researcher alerted the media to the vulnerability and provided a spreadsheet of about 10,000 compromised user accounts. Among these scraped accounts 70 accounts were premium accounts of paid customers.
Later, the booting company Social Captain stated that it had communicated with the IT officials and finally fixed the vulnerability issue. They also mentioned that the service has also prevented direct access to other users' profiles.
Meanwhile, the famous social media platform, Instagram said that the service breached its terms of service by improperly storing login credentials. In the report, an Instagram spokesperson said that the team of security experts are now investigating and will take appropriate action. In addition, he also stated that "We strongly encourage people to never give their passwords to someone they don't know or trust."
People who are signed up to the Social Captain are advised to change their Instagram passwords immediately.
Instagram data leak
In 2019, the celebrity favourite social media platform, Instagram accidentally leaked the private information of 49 million users including major influencers and bloggers. The compromised database contained details on celebrities, social media influencers and then brand accounts which were accessible by anyone. After discovering the database a security researcher, Anurag Sen informed TechCrunch about the security issue.
Reports claimed that it was easy for the researcher to discover the security problem because it was hosted by Amazon Web Services and did not need a password before viewing. Later when the media company traced the database back it led them to a Mumbai-based social media marketing firm Chtrbox, which has now taken the database offline.