A security flaw on Instagram makes it extremely easy for people who are not even following you to access your private posts and stories. According to reports by BuzzFeed, the photos and videos posted on private Instagram and Facebook accounts aren’t exactly private.
The flaw, which surfaced a couple of days ago, shows how a couple of clicks in any web browser can expose the full URL of private posts and stories cached on Facebook servers. It makes every post easy for the public to access, download, and distribute “via a stupidly simple work-around.”
How does the ‘hack’ work?
The hack, which works on Instagram stories as well, requires a basic knowledge of HTML. A user can easily inspect the images and videos that are being loaded on the page and then pull out the source URL. The Verge independently confirmed that the process works smoothly. The process, though a bit finicky, makes the URL readily available by reloading the private page of the account and loading the ‘Img’ section. Previews of the image even load in chat applications like Slack. It is scary news for celebrities and young users who have chosen to protect themselves from unwanted scams by making their accounts private.
Oh yes, even your stories aren’t safe
The hack also works on private Instagram stories, which are meant to last for 24 hours. The URLs retrieve images from the Facebook servers even after the posts have expired or been deleted. The URLs for private stories can apparently return the story for multiple days after the expiration date.
In response, a Facebook spokesperson stated,
“The behavior described here is the same as taking a screenshot of a friend’s photo on Facebook and Instagram and sharing it with other people; it does not give people access to a person’s private account.”
Nevertheless, the process of invading someone’s privacy is different from just taking a screenshot of their pictures. These publicly available URLs contain some basic information about the data they link to, including how it was uploaded and its photo dimensions. You also cannot fake one, so they also serve as proof of authenticity.
Another Facebook glitch?
As all the data is hosted on Facebook’s own network, the hack also applies to private Facebook content. The content can be shared with almost anyone if a friend or follower grabs the link. While the apps allow you to track who views your content, if someone publicly shares your private posts via links, you would have no clue about it.
Earlier, phone numbers linked to hundreds of millions of Facebook accounts were found to have been left on an unprotected server that could be accessed by nearly anyone. According to reports by TechCrunch, the unsecured server contained over 419 million records of users globally, including 133 million US-based users, 50 million from Vietnam and 18 million from the UK, among others.
Another such loophole was discovered by Quartz for private Instagram content in 2015. Tests proved that a photo once posted through a public Instagram account would remain viewable on the web even after the person made their account private.
A user deserves the right to privacy for their personal data. Moreover, in a 2018 statement, Mark Zuckerberg, CEO, said, “We have a responsibility to protect your data, and if we can’t then we don’t deserve to serve you.”