An Instagram security hole exposed the personal data of all its members

A social security vulnerability made the names and phone numbers of all its members accessible to hackers, Forbes magazine reveals.

This vulnerability, which has now been fixed, affected the connection and synchronization features of Instagram contacts. It allowed hackers to check whether phone numbers were linked to accounts and to know the names of people associated with those numbers.

The activist hacker who discovered the flaw, ZHacker13, explains that it could have been exploited by brute-force attack, that is, by one-to-one testing of phone numbers to see if they were associated with an Instagram account.

A malicious actor could have built an algorithm to accomplish this task in order to extract all this information from the social network database.

It would then be sufficient to create an account and use the contact synchronization feature to associate these phone numbers with the accounts and names of members of the social network. This process could also have been automated using algorithms.

“Theoretically, I could have obtained the personal details of anyone who is registered with Instagram,” summarizes ZHacker13.

The flaw was corrected after the hacker informed Facebook, Instagram’s parent company, of its existence.

This news comes less than two weeks after it was revealed that phone numbers linked to more than 400 million Facebook accounts were stored online, at the mercy of malicious use.

You May Also Like

Carrie J. Bronstein

About the Author: Carrie J. Bronstein

Carrie Bronstein helped bring Webby Feed from a weekly newsletter to a full-fledged news site by creating a new website and branding. She continues to assist in keeping the site responsive and well organized for the readers. As a contributor to Webby Feed, Carrie mainly covers mobile news and gadgets.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.