What would happen if you knew that your personal information got leaked? At the very least, you will consider yourself betrayed. Well, this is exactly what happened recently with Instagram. A researcher claimed that Instagram leaked phone number and email addresses of users for over four months.
David Stier, a data scientist, discovered this problem a year ago and informed Instagram as soon as he found out. The source code had the account holder’s contact information when it was loaded on the website. However, the contact information wasn’t present on the desktop version of the website. No one is still sure why the source code contained such valuable information.
This exposure included thousands of accounts of Instagram users whose information was leaked. There was also a leak of information about some businesses and brands. This information could virtually be in any hacker’s hands, who could assemble this information and make a phone book with the contact details of all the users. The hackers can use this information for potential benefits.
Some organization may have created this directory by now. In fact, a report published on Monday claimed that an Indian marketing company had obtained information of millions of Instagram users and stored it in an insecure database. This is against the Company’s policy. However, it is still unclear how they got their hands on such information and created the database.
The Indian Marketing firm name was Chtrbox. They pay Instagram influencers, so they post ads on their accounts. They requested information of millions of users to find the payment to the Instagram accounts for the ads. This database had information on every account’s information, like phone numbers, pictures, shares, likes, etc. There was also information leaked about the location of the users by country and city.
Instagram quickly contacted the account owners and informed them about this breach. None of these accounts had any connection with Chtrbox. They were just regular accounts of companies and individuals.
The owner of Facebook-owned Instagram issued a statement that they were looking into the details of this breach. He also said that they were making sure that the leaked information was from Instagram. The Company spokesperson said that they were also in contact with Chtrbox to understand how this information became public.
Stier claims that the sensitive information has was in the Instagram source code since last October. He said that he informed the Company in February and the Company fixed the issue in March 2019.
This Instagram exposure is a typical example of how a simple programming error can have disastrous consequences. Programming errors can expose sensitive information. For example, Google revealed on Tuesday that it has been saving some accounts passwords in plain text. Now hackers can make use of these small mistakes. They can find out valuable information about these account users and blackmail them in the future.
The contact information of these users is still present on the Instagram application. It asks these accounts if they have given permission to others contacting them. Although this system isn’t ideal, it is more secure than storing information in the source code. In fact, Hong who is a computer science professor says, “Obtaining data from a website is easy, but obtaining data from a running app is quite hard.”
This isn’t the first time that Facebook-owned apps have faced issues. Last month, researchers found unprotected data of two Facebook-associated apps, stored on Amazon servers. This exposed information of 540 million users, including data in plain texts.
You might think that hackers and criminals can’t harm you if they had your phone numbers and email addresses. However, criminals can combine identity theft with other exposures. So, they can harm you in many ways.
The main goal of the hackers and criminals is to use all the hacked information to defeat the system. Let us hope that these hacks will not happen in the future.
