According to his report TechCrunch, have leaked to Internet data users Instagram.. Specifically, one SOCIAL MEDIA service, called Social captain and helps them users to increase the number of their followers is leaking thousands of usernames and passwords owned by users of the well-known social networking platform.
A vulnerability in the service's website allowed anyone to connect to accounts of users using the Social Captain.
The revelation was made by a researcher security who did not want to give his name. The investigator notified the vulnerability and provided a file with about 10.000 exposed accounts Instagram users.
About 70 accounts were premium.
The Social Captain said she took care of it fix it immediately vulnerability, preventing unauthorized access to other users' profiles.
Instagram, for its part, said the service violated data protection terms by storing them credentials users without any protection.
“We are already conducting research and will take appropriate action. We encourage people never give their passwords to someone they don't know or trust", An Instagram spokesman said.
According to a security expert from Synopsys Software Integrity Group, design errors are responsible for 50% of all software vulnerabilities.
“They are rarely detected because they require specialized expertise. However, in this case, one penetration test could easily detect the vulnerability, "the expert said.
"This is especially bad for affected users, not only because Instagram passwords have been compromised, but also because people often reuse passwords, which means that someone could gain unauthorized access to other accounts, ”he said.
Instagram has also faced other incidents of data leaks from its users. Last May, for example, millions of personal data leaked celebrities and influencers. Once again the leak had begun by mistake of a third service. The leaked database contained 49 million archives.
Also in 2017, a bug on Instagram led to a leak of personal information 6 million famous users, such as Taylor Swift and Kim Kardashian. Later, the stolen files were put up for sale.