Instagram is one of the most popular social media apps around the world, but a new report has warned that thousands of users’ passwords have been exposed online.
The issue, which was first reported by TechCrunch, lies with a social media boosting startup called Social Captain, which claims to help Instagram users to boost their following.
Worryingly, TechCrunch discovered a flaw in the way that Social Captain was storing users’ Instagram passwords, that could let anyone access the password.
TechCrunch explained: “TechCrunch learned this week Social Captain was storing the passwords of linked Instagram accounts in unencrypted plaintext.
“Any user who viewed the web page source code on their Social Captain profile page could see their Instagram username and password in plain sight, so long as they had connected their account to the platform.”
And the problems don’t end there – TechCrunch also found a website bug that allowed anyone access to any Social Captain user’s profile without having to log in.
The bug meant that you could simply emter a user’s unique account ID into the company’s web address, and gain access access to their Social Captain account, including their Instagram password.
TechCrunch contacted Social Captain about the issues, and while the startup has now fixed the bug that allowed direct access to other users’ profiles, passwords are still visible in the web page source code.
Anthony Rogers, CEO at Social Captain, said: “Early analysis indicates that the issue was introduced during the past weeks when the endpoint, meant to facilitate integration with a third-party email service, has been temporarily made accessible without token-based authentication.
“As soon as we finalize the internal investigation we will be alerting users that could have been affected in the event of a breach and prompt them to update the associated username and password combinations.”
Instagram also says that it is investigating the matter.
A spokesperson said: “We are investigating and will take appropriate action. We strongly encourage people to never give their passwords to someone they don’t know or trust.”
Is your Instagram password safe?
Unless you use Social Captain, your Instagram password is safe.
If you do use Social Captain, you should change your Instagram password immediately.
Adam Brown, manager of security solutions at Synopsys, said “This is especially bad for affected users not just because their Instagram passwords are now breached, but due also to the fact that people commonly reuse passwords which could lead to unauthorised access of additional accounts by extension.”