Friday, May 24, 2019

Instagram website was leaking user details for months

A security researcher has revealed that Instagram's website leaked user contact information, including phone numbers and email addresses, over a period of at least four months.

Data scientist and business consultant David Stier discovered that the source code for some of the social network's user profiles included the account holder's contact information whenever it loaded in a web browser. He notified Instagram regarding the issue shortly after he discovered it earlier this year.

The desktop version of the Instagram's website did now show user's contact information in their profiles but it was used by the photo-sharing site's app for communication.

According to Stier, the contact information for thousands of accounts was exposed and private individuals including some minors as well as businesses were affected. Cybercriminals could have easily scraped this data from Instagram's website to create an index filled with the contact details of thousands of the service's users.

Leaked contact information

Facebook said that it was investigating the issue this week but did not provide further details into its findings. 

This isn't the first time that data from Instagram was leaked online and the company is also investigating a database filled with user information left unsecured by a marketing company called Chtrbox.

Stier found evidence that user's phone numbers and emails had been in Instagram's source code since at least October by examining archived versions of Instagram profiles. He first reported the issue to the company in February and it was fixed in march.

Unfortunately, the contact information is still available on the Instagram app from users who opted into letting others contact them through the app. This is a bit better than including this sensitive data in the site's source code but not by much as hackers could use social engineering to obtain this information for themselves.

  • Protect your systems from the latest cyber threats with the best antivirus

Via CNET

Disqus Comments