Social Media

Instagram usernames, passwords exposed by social media boosting service

Prashasti Awasthi | Updated on January 31, 2020 Published on January 31, 2020

Vulnerability in Social Captain's website provided access to sensitive data of thousands of users, says report

Mumbai, January 31

Thousands of Instagram usernames and passwords have been leaked by Social Captain, a service that helps users grow their Instagram follower counts, reported TechCrunch.

A security researcher, who asked for anonymity, alerted TechCrunch about the leak and provided a spreadsheet of about 10,000 scraped user accounts to the web portal. Around 70 were premium accounts of paid customers.

Insecure storage

Social Captain has allegedly exposed sensitive information by storing passwords of linked Instagram accounts in unencrypted plaintext. Vulnerability in the website allowed anyone to get access to Social Captain’s user profile without Instagram login credentials.

Meanwhile, Social Captain has assured that it had fixed the vulnerability by preventing direct access to other users' profiles.

According to Instagram, Social Captain has breached its terms of service by mismanaging Instagram users’ sensitive information.

Instagram is currently investigating the case and has assured its users that prompt action will be taken against the social media boosting service. Condemning the privacy violation, an Instagram spokesperson cautioned people to not share their passwords to someone they don’t know or trust, the TechCrunch report added.

Design flaw

According to Adam Brown, Security Solutions Manager at Synopsys Software Integrity Group, the vulnerability arose due to a flaw in designing the online service. This has been the cause of approximately 50 per cent of all software vulnerabilities, IANS reported.

Brown believes that a simple penetration test could have identified the flaw, which Social Captain had not performed.

This is not the first time that Instagram finds itself in troubled waters over privacy violations. In May last year, the personal data of 49 million celebrities and social media influencers were allegedly exposed. The leak was traced to a Mumbai-based social media marketing firm.

This also happened in 2017, when a bug on Instagram led to the leak of personal details of more than six million celebrity users, including Taylor Swift and Kim Kardashian.

Follow us on Telegram, Facebook, Twitter, Instagram, YouTube and Linkedin. You can also download our Android App or IOS App.

Published on January 31, 2020
This article is closed for comments.
Please Email the Editor