Thousands of Instagram passwords exposed online


Thousands of Instagram passwords exposed online after it was discovered that the Social Captain app stores them online in plain text

  • Instagram users who linked their account with Social Captain are at risk
  • Vulnerability left passwords stored in plain text on an unencrypted site
  • Experts have said that the vulnerability is of ‘great concern’ to users and urge those affected to update their passwords immediately

Thousands of Instagram accounts had their passwords exposed due to a vulnerability in an application that claimed to increase the number of followers.

Social Captain was revealed to be storing users’ passwords in an unencrypted file that hackers could easily access.

Criminals who accessed the site could have simply read the username and password of an account in plain text.

It is unknown whether hackers obtained the details, but users are urged to change their passwords and details urgently.


Instagram users who registered on the Social Captain site to increase their numbers had to link their accounts.

This information, TechCrunch revealed, was poorly stored.

An unidentified security investigator found the vulnerability and reported it to TechCrunch, who in turn informed Social Captain.

“Any user who has seen the source code of the website on their Social Captain profile page could see their Instagram username and password in sight, as long as they have connected their account to the platform,” says the report.

‘To make matters worse, an error on the website allowed anyone to access the profile of any Social Captain user without having to log in, simply plugging a user’s unique account ID into the company’s web address would grant access to your Social Captain account and your Instagram login credentials.’

Some of the users were also paying customers, and the breach exposed their billing addresses.

David Emm, principal security researcher at Kaspersky, said: ‘While it’s understandable that people want to increase their Instagram tracking, this shouldn’t be at the expense of their online security.

‘The fact that Social Captain, or indeed any online service, stores the login credentials in plain text is a matter of great concern.


‘In this particular case, it is even more frightening to think that someone else could see these credentials without even having to log in to the Social Captain site.

‘Anyone who has registered with Social Captain should change their Instagram passwords.’

Anthony Rogers, executive director of Social Captain, told TechCrunch that the vulnerability is believed to be a recent problem.

“The first analyses indicate that the problem was introduced in recent weeks when the endpoint, intended to facilitate integration with a third-party email service, was made temporarily accessible without token-based authentication,” he said.
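The flaws described above (a profile reachable by account ID with no login or token, and the linked password present in the page data) shown next to a corrected handler. This is an added example, not Social Captain's code; the account records, session store and function names are all constructed for illustration.

```python
import secrets

# Constructed sample data: two hypothetical accounts keyed by account ID.
ACCOUNTS = {
    1001: {"owner": "alice", "ig_username": "alice.photos",
           "ig_password": "constructed-secret-1"},
    1002: {"owner": "bob", "ig_username": "bob.travel",
           "ig_password": "constructed-secret-2"},
}
SESSIONS = {}  # session token -> account ID it was issued for


def login(account_id):
    """Issue an unguessable session token bound to one account (hypothetical helper)."""
    token = secrets.token_urlsafe(32)
    SESSIONS[token] = account_id
    return token


def profile_vulnerable(account_id, token=None):
    """Behaviour the report describes: the token is ignored, any account ID
    is served, and the stored password is part of the returned page data."""
    record = ACCOUNTS.get(account_id)
    if record is None:
        return 404, {}
    return 200, dict(record)


def profile_hardened(account_id, token=None):
    """Require a valid session, allow access only to the session's own
    account, and return non-secret fields only."""
    session_account = SESSIONS.get(token) if token else None
    if session_account is None:
        return 401, {}  # no token, or a token the server never issued
    if session_account != account_id or account_id not in ACCOUNTS:
        return 403, {}  # same answer for "not yours" and "does not exist"
    record = ACCOUNTS[account_id]
    return 200, {"owner": record["owner"], "ig_username": record["ig_username"]}
```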

An Instagram spokesman said: “As soon as we finish the internal investigation, we will be alerting users that they could have been affected in case of non-compliance and we will ask them to update the associated username and password combinations.”


HOW CAN I CHOOSE A SECURE PASSWORD?

According to Internet security provider Norton, “the shorter and less complex your password, the faster the program may have the correct combination of characters.

The longer and more complex your password, the less likely the attacker will use the brute force method, due to the long time it will take for the program to solve it.

“Instead, they will use a method called dictionary attack, where the program will go through a predefined list of common words used in passwords.”

Here are some steps to follow when creating a new password:

DO:

  • Use a combination of numbers, symbols, upper and lower case letters
  • Make sure the password is at least eight characters long
  • Use short phrases for passwords
  • Change your passwords regularly
  • Log out of websites and devices once you have finished using them

DON'T:

  • Choose a commonly used password such as ‘123456’, ‘password’, ‘qwerty’ or ‘111111’
  • Use a single word. Hackers can use dictionary-based systems to crack passwords
  • Use a derivative of your name, family member’s name, pet’s name, phone number, address or date of birth
  • Enter your password, share it or let someone else use your login information
  • Answer ‘yes’ when asked to save your password in a computer browser
