By connecting the Instagram accounts of the company named SocialCaptain to its platform, to increase the number of followers
Let’s start our news by giving the information that says it helps and asks people to register by entering their Instagram username and password on the platform.
The known name of the technology industry, online publisher TechCrunch
Based on information obtained this week by SocialCaptain used to store passwords for Instagram accounts in plain text without protection. Users who viewed the web page source code on SocialCaptain profile pages could see their Instagram username and password in plain form as long as they linked their account to the platform.
A website error that occurred allowed a SocialCaptain user to access their information without having to log into their profile. Since user account IDs are often consecutive, you can access any user’s account and access their Instagram password with other account information was also thus possible to view easily.
Anonymous security researcher warned TechCrunch of the vulnerability and 10 thousand created a table of the user account. Approximate in the spreadsheet 4,700 He had an Instagram username and password. The remainder of the records contained only the user’s name and email address. Let’s add that the data also shows whether the accounts are free trials or paid premium accounts, and most of these premium accounts also have billing addresses for customers.
Error verified and reported immediately
It was explained that the researchers confirmed the error by creating a fake Instagram account, linking the account to the SocialCaptain site, and viewing the web page source code of the profile on the site. After TechCrunch reports the error, SocialCaptain prevents direct access to other users’ profiles. vulnerability reported that it fixed.
SocialCaptain’s managing director, Anthony Rogers, said “Our analysis is that the problem is with the third-party e-mail service of the accounts. without authentication shows that it has appeared in recent weeks when it has been temporarily made available ” said. Adding that the proceedings are continuing, Rogers did not give any information about how long the investigation will take.
We think that users who sign up for the SocialCaptain site should change their Instagram passwords immediately. What improvements will be and how users will measures
We think that will take shape in the coming days.