Instagram, which is one of the most loved and most used social media applications in the world, is making an impression with interesting news these days. The social media initiative that a user put into service to increase their Instagram followers revealed the passwords of thousands of Instagram accounts. It is a matter of curiosity how the repercussions will be.
Let’s start our news by letting the company SocialCaptain say that it helps users increase their number of followers by linking their Instagram accounts to their platform, and for this they want people to register on the platform by entering their Instagram username and password.
SocialCaptain kept the passwords of Instagram accounts in unprotected plain text, according to information obtained this week by the online publisher TechCrunch, the well-known technology industry. Users viewing the web page source code on their SocialCaptain profile page could see their Instagram usernames and passwords straight as long as they linked their accounts to the platform.
A website error that occurred allowed a SocialCaptain user to access their information without having to log in to their profile. Since user account IDs are mostly consecutive, it was also possible to access any user’s account and easily view their Instagram password and other account information.
A reluctant security researcher warned TechCrunch about the vulnerability and created a table of about 10,000 user accounts. There were about 4,700 Instagram usernames and passwords in the spreadsheet. The rest of the records included only the user’s name and email address. Let’s add that the data is also the type that shows whether the accounts are free trials or paid premium accounts, and that most of these premium accounts have billing addresses for customers.
Error confirmed and reported immediately
It was announced that the researchers confirmed the error by creating a fake Instagram account, linking the account to the SocialCaptain site, and viewing the web page source code of the profile on the site. After TechCrunch reported the error, SocialCaptain reported that it fixed this vulnerability by blocking direct access to other users’ profiles.
“Our analysis shows that the problem has arisen in the last weeks when accounts have been made temporarily accessible without authentication with a third-party email service,” said Anthony Rogers, SocialCaptain’s general manager. Rogers, who added that the proceedings were continuing, did not give information about how long the investigation would take.
It is one of the most correct things to do at the first stage that we think that the users who sign up to the SocialCaptain site will change their Instagram passwords immediately. We think what the developments will be and how the measures will be taken by the users will be shaped in the coming days.