Thousands of Instagram Login credentials of users leaked online. These are stored in a database of a media boosting service called Social Captain. The service helps users to grow their Instagram followers and likes counts by AI.
The Bug, which is fixed now reported by TechCrunch, Social Captain store credentials in the unencrypted ciphertext. A website vulnerability allows anyone to access the data stored at Social Captain without login. Also, any user can see the Login Credentials by opening the ‘View Source’ of the page.
Social Captain is an Online media boosting service that helps to gain more followers on Instagram. The leaked data includes Premium and free accounts of customers. Instagram said the service breaks its terms of the policy by Improperly storing the user’s data.
An Instagram spokesperson quoted “We are investigating and will take appropriate action. We strongly encourage people to never give their passwords to someone they don’t know or trust”.
Adam Brown, Manager, Security Solutions, at Synopsys Software Integrity Group, said that Design falws are responsible for cause of 50% of software vulnerabilities.
He also elaborated” This is especially bad for the users who reuses Instagram Passwords which could lead to unauthorized access of additional accounts by extension”.
Is your Instagram Password safe or not?
If you have connected your Instgram account to Social Captain, change your password.
Social Captain is also advising users to change their credentails.
Hackers use the stolen passwords in “Password Stuffing” to re-use the passwords.
Facebook should also implement two-factor authentication for accounts. It will secure the account by Unauthorized acess. Comment what you think about it.