#1 Trusted Cybersecurity News Platform Followed by 4.50+ million
The Hacker News Logo
Get the Free Newsletter
SaaS Security

Search results for Instagram | Breaking Cybersecurity News | The Hacker News

Instagram Adds 3 New Security Tools to Make its Platform More Secure

Instagram Adds 3 New Security Tools to Make its Platform More Secure

Aug 29, 2018
Instagram is growing quickly—and with the second most popular social media network in the world (behind just Facebook), the photo-sharing network absolutely dominates when it comes to user interactions. And with great success comes great responsibility—responsibility to keep users' accounts safe, responsibility to fight fake accounts and news, and responsibility of being transparent. You might know that the Facebook-owned photo-sharing network has recently been a victim of a widespread hacking campaign that has affected thousands of Instagram users, leaving them locked out of their accounts. In the wake of the security mishappening, Instagram has announced a trio of security updates intended to discourage trolls, stop misinformation, and make the platform a little safer for its one billion users. In an official blog post , titled "New Tools to Keep Instagram Safe," published by Instagram Co-Founder & CTO Mike Krieger on August 28, the company announced thr
Who Viewed Your Profile on Instagram? Obviously, Hackers!

Who Viewed Your Profile on Instagram? Obviously, Hackers!

Mar 22, 2016
Are you curious about who viewed your profile on Instagram? This is probably the most frequently asked question nowadays, and there are several applications available on Google Play Store and Apple App Store, which claims to offer you the opportunity to see who is looking at your Instagram profile. But, should we believe them? Is there really some kind of way out to know who viewed your Instagram profile? The shortest answer to all these questions is ' NO ', such functionality does not exist on Instagram at the moment. But, thousands of users still have hope and hackers are taking advantage of this to target a broad audience. Recently, security researchers have discovered some malicious applications on Android Google Play Store as well as iOS App Store, which are entirely a hoax, targeting Instagram users. The iOS app is named " InstaCare - Who cares with me? " and is one of the top apps in Germany, while the Android app is dubbed "
How to Find and Fix Risky Sharing in Google Drive

How to Find and Fix Risky Sharing in Google Drive

Mar 06, 2024Data Security / Cloud Security
Every Google Workspace administrator knows how quickly Google Drive becomes a messy sprawl of loosely shared confidential information. This isn't anyone's fault; it's inevitable as your productivity suite is purposefully designed to enable real-time collaboration – both internally and externally.  For Security & Risk Management teams, the untenable risk of any Google Drive footprint lies in the toxic combinations of sensitive data, excessive permissions, and improper sharing. However, it can be challenging to differentiate between typical business practices and potential risks without fully understanding the context and intent.  Material Security, a company renowned for its innovative method of protecting sensitive data within employee mailboxes, has recently launched  Data Protection for Google Drive  to safeguard the sprawl of confidential information scattered throughout Google Drive with a powerful discovery and remediation toolkit. How Material Security helps organ
Shocking! Instagram HACKED! Researcher hacked into Instagram Server and Admin Panel

Shocking! Instagram HACKED! Researcher hacked into Instagram Server and Admin Panel

Dec 18, 2015
Ever wonder how to hack Instagram or how to hack a facebook account? Well, someone just did it! But, remember, even responsibly reporting a security vulnerability could end up in taking legal actions against you. An independent security researcher claims he was threatened by Facebook after he responsibly revealed a series of security vulnerabilities and configuration flaws that allowed him to successfully gained access to sensitive data stored on Instagram servers , including: Source Code of Instagram website SSL Certificates and Private Keys for Instagram Keys used to sign authentication cookies Personal details of Instagram Users and Employees Email server credentials Keys for over a half-dozen critical other functions However, instead of paying him a reward, Facebook has threatened to sue the researcher of intentionally withholding flaws and information from its team. Wesley Weinberg , a senior security researcher at Synack, participated in Facebook's b
cyber security

Uncover Critical Gaps in 7 Core Areas of Your Cybersecurity Program

websiteArmor PointCyber Security / Assessment
Turn potential vulnerabilities into strengths. Start evaluating your defenses today. Download the Checklist.
Instagram Hacker Puts 6 Million Celebrities Personal Data Up For Sale On DoxaGram

Instagram Hacker Puts 6 Million Celebrities Personal Data Up For Sale On DoxaGram

Sep 01, 2017
It's now official, Instagram has suffered a massive data breach , and reportedly an unknown hacker has stolen personal details of more than 6 million Instagram accounts. Just yesterday, we reported that Instagram had patched a critical API vulnerability that allowed the attacker to access phone numbers and email addresses for high-profile verified accounts. However, Instagram hack now appears to be more serious than initially reported. Not just a few thousands of high-profile users—it's more than 6 million Instagram users, including politicians, sports stars, and media companies, who have had their Instagram profile information, including email addresses and phone numbers, available for sale on a website, called Doxagram . The suspected Instagram hacker has launched Doxagram, an Instagram lookup service, where anyone can search for stolen information only for $10 per account. A security researcher from Kaspersky Labs, who also found the same vulnerability and rep
Bug Hunter Found Ways to Hack Any Instagram Accounts

Bug Hunter Found Ways to Hack Any Instagram Accounts

May 21, 2016
How to hack an Instagram account? The answer to this question is difficult to find, but a bug bounty hunter just did it without too many difficulties. Belgian bug bounty hunter Arne Swinnen discovered two vulnerabilities in image-sharing social network Instagram that allowed him to brute-force Instagram account passwords and take over user accounts with minimal efforts. Both brute-force attack issues were exploitable due to Instagram's weak password policies and its practice of using incremental user IDs. "This could have allowed an attacker to compromise many accounts without any user interaction, including high-profile ones," Swinnen wrote in a blog post describing details of both vulnerabilities. Brute-Force Attack Using Mobile Login API Swinnen discovered that an attacker could have performed brute force attack against any Instagram account via its Android authentication API URL, due to improper security implementations. According to his blog post , fo
Widespread Instagram Hack Locking Users Out of Their Accounts

Widespread Instagram Hack Locking Users Out of Their Accounts

Aug 15, 2018
Instagram has been hit by a widespread hacking campaign that appears to stem from Russia and have affected hundreds of users over the past week, leaving them locked out of their accounts. A growing number of Instagram users are taking to social media, including Twitter and Reddit, to report a mysterious hack which involves locking them out of their account with their email addresses changed to .ru domains. According to victims, their account names, profile pictures, passwords, email addresses associated with their Instagram accounts, and even connected Facebook accounts are being changed in the attack. Many of the affected Instagram users are also complaining about their profile photos replaced with stills from popular films, including Despicable Me 3 and Pirates of the Caribbean. Although it is still unknown who is behind the widespread hack of Instagram accounts, the use of the email addresses originating from Russian email provider mail.ru may indicate a Russian hacker or
Instagram Suffers Data Breach! Hacker Stole Contact Info of High-Profile Users

Instagram Suffers Data Breach! Hacker Stole Contact Info of High-Profile Users

Aug 31, 2017
Instagram has recently suffered a possibly serious data breach with hackers gaining access to the phone numbers and email addresses for many "high-profile" users. The 700 million-user-strong, Facebook-owned photo sharing service has currently notified all of its verified users that an unknown hacker has accessed some of their profile data, including email addresses and phone numbers, using a bug in Instagram. The flaw actually resides in Instagram's application programming interface (API), which the service uses to communicate with other apps. Although the company did not reveal any details about the Instagram's API flaw, it assured its users that the bug has now been patched and its security team is further investigating the incident. "We recently discovered that one or more individuals obtained unlawful access to a number of high-profile Instagram users' contact information—specifically email address and phone number—by exploiting a bug in an Instagr
This Flaw Could Have Allowed Hackers to Hack Any Instagram Account Within 10 Minutes

This Flaw Could Have Allowed Hackers to Hack Any Instagram Account Within 10 Minutes

Jul 15, 2019
Watch out! Facebook-owned photo-sharing service has recently patched a critical vulnerability that could have allowed hackers to compromise any Instagram account without requiring any interaction from the targeted users. Instagram is growing quickly—and with the most popular social media network in the world after Facebook, the photo-sharing network absolutely dominates when it comes to user engagement and interactions. Despite having advanced security mechanisms in place, bigger platforms like Facebook, Google, LinkedIn, and Instagram are not completely immune to hackers and contain severe vulnerabilities. Some vulnerabilities have recently been patched , some are still under the process of being fixed, and many others most likely do exist, but haven't been found just yet. Details of one such critical vulnerability in Instagram surfaced today on the Internet that could have allowed a remote attacker to reset the password for any Instagram account and take complete contr
Hacking Instagram Accounts using OAuth vulnerability

Hacking Instagram Accounts using OAuth vulnerability

May 02, 2013
' Nir Goldshlager ' known as Facebook hacker and founder of Break Security  , who reported many critical bugs in Facebook OAuth mechanism in past few months, today disclose a critical  vulnerability in Instagram Oauth that allow an attacker to hack any account. Succesful hack allows attacker to access private photos, ability to delete victim's photos and to edit comments and also the ability to post new photos. Hacker explained that there are two ways to hack Instagram accounts using OAuth, first via Hijack Instagram accounts using the Instagram OAuth or Hijack Instagram accounts using the Facebook OAuth Dialog. During his bug hunting Nir found loopholes in Instagram's security parameters i.e redirect_uri , that allows  attacker to pass the access token to his own domain with mx as suffix i.e code straight to breaksec.com.mx . POC :  https://instagram.com/oauth/authorize/?client_id=33221863eec546659f2564dd71a8a38d&redirect_uri=https://breaksec
Instagram Mobile App Issue Leads to Account Hijacking Vulnerability

Instagram Mobile App Issue Leads to Account Hijacking Vulnerability

Jul 28, 2014
In the era of Government surveillance, ensuring the security and safety of our private communications regardless of platform – email, VOIP, message, even cookies stored – should be the top priority of the Internet industry. Some industry came together to offer Encryption as the protection against government surveillance, but some left security holes that may expose your personal data. A critical issue on Instagram's Android Application has been disclosed by a security researcher that could allow an attacker to hijack users' account and successfully access private photos, delete victim's photos, edit comments and also post new images. Instagram , acquired by Facebook in April 2012 for approximately US$1 billion, is an online mobile photo-sharing, video-sharing and social networking service that enables its users to take pictures and videos, apply digital filters, and share them on a variety of social networking services, such as Facebook, Twitter, Tumblr and Flickr.
Don't Fall for Fake Instagram Desktop Applications Offering 'Image Viewer'

Don't Fall for Fake Instagram Desktop Applications Offering 'Image Viewer'

May 08, 2014
Today, the estimated number of known computer threats like viruses, worms, backdoors, exploits, Trojans, spyware, password stealers, and other variants of potentially unwanted software range into millions. It has ability to create several different forms of itself dynamically in order to thwart antimalware programs. Instagram users are also targeted by the potentially unwanted software programs that claims to enable them to download their Instagram photos and videos using desktop machines or computers. But once downloaded and installed into system, it could expose the user to a number of security vulnerabilities, often overlap with adware , warned the security firm Malwarebytes. " In the case of Instagram, what we've seen out there could pose greater risk than, say, your average phishing site, " said Malwarebytes intelligence analyst Jovi Umawing in a blog post . Instagram is a social networking service use for online photo-sharing and video-sharing. It
Instagram Patches flaw that Makes Private Photos Visible

Instagram Patches flaw that Makes Private Photos Visible

Jan 14, 2015
Your Instagram is not as Private as You Think. Millions of private Instagram photos may have been exposed publicly on the web until the company patched a privacy hole this weekend. Instagram team was unaware of a security vulnerability from long time which allowed anyone with access to an image's URL to view the photo, even those shared by users whose accounts are set to "private." In other words, If a private user shares an Instagram post with another service, such as Twitter or Facebook as part of the upload process, that shared photo will remain viewable to the public despite its privacy settings. The flaw was first reported by  David Yanofsky  at Quartz and Instagram acknowledged the issue last week before patching the flaw. In a statement to Quartz, an Instagram representative said: ' If you choose to share a specific piece of content from your account publicly, that link remains public but the account itself is still private, ' The Instagram vulnera
Major Instagram App Bug Could've Given Hackers Remote Access to Your Phone

Major Instagram App Bug Could've Given Hackers Remote Access to Your Phone

Sep 24, 2020
Ever wonder how hackers can hack your smartphone remotely? In a report shared with The Hacker News today, Check Point researchers disclosed details about a  critical vulnerability  in Instagram's Android app that could have allowed remote attackers to take control over a targeted device just by sending victims a specially crafted image. What's more worrisome is that the flaw not only lets attackers perform actions on behalf of the user within the Instagram app—including spying on victim's private messages and even deleting or posting photos from their accounts—but also execute arbitrary code on the device. According to an  advisory  published by Facebook, the heap overflow security issue (tracked as CVE-2020-1895 , CVSS score: 7.8) impacts all versions of the Instagram app prior to 128.0.0.26.128, which was released on February 10 earlier this year. "This [flaw] turns the device into a tool for spying on targeted users without their knowledge, as well as enabling
iPhone Instagram users vulnerable to hackers

iPhone Instagram users vulnerable to hackers

Dec 03, 2012
Instagram - Facebook's popular photo sharing app for iOS, is currently has a vulnerability that could make your account susceptible to hackers. A security researcher Carlos Reventlov  published on Friday another attack on Facebook's Instagram photo-sharing service that could allow a hacker to seize control of a victim's account. " The Instagram app communicates with the Instagram API via HTTP and HTTPs connections. Highly sensitive activities, such as login and editing profile data, are sent through a secure channel. However, some other request are sent through plain HTTP without a signature, those request could be exploited by an attacker connected to the same LAN of the victim's iPhone. " Vulnerability Details --   The vulnerability is in the 3.1.2 version of Instagram's application, which is  susceptible to "eavesdropping and man in the middle attacks that could lead an evil user to delete photos and download private media without the victim's con
Facebook Stored Millions of Instagram Users' Passwords in Plaintext

Facebook Stored Millions of Instagram Users' Passwords in Plaintext

Apr 18, 2019
Facebook late last month revealed that the social media company mistakenly stored passwords for "hundreds of millions" of Facebook users in plaintext, including "tens of thousands" passwords of its Instagram users as well. Now it appears that the incident is far worse than first reported. Facebook today quietly updated its March press release, adding that the actual number of affected Instagram users were not in hundreds of thousands but millions. These plaintext passwords for millions of Instagram users, along with millions of Facebook users, were accessible to some of the Facebook engineers, who according to the company, did not abuse it. According to the updated post, Facebook discovered "additional logs of Instagram passwords" stored in a readable format, but added that its investigation revealed that the stored passwords were never "abused or improperly accessed" by any of its employees. Here's the full updated statement p
Instasheep — Instagram Account Hacking Tool Released

Instasheep — Instagram Account Hacking Tool Released

Jul 30, 2014
Two days ago, we reported at The Hacker News about a critical issue in the most popular image and video sharing service, Instagram app for mobiles , that allows an attacker to hijack users' account and successfully access private photos, delete victim's photos, edit comments and also post new images. Yesterday, a London developer Stevie Graham has released a tool called " Instasheep " a play on the 2010 Facebook stealer Firesheep , a Firefox extension that can be used to compromise online accounts in certain circumstances automatically using a click of mouse. Graham discovered the Instagram issue years ago and was shocked when he realized it hadn't been fixed by Facebook yet. He released the tool after claiming Facebook refused to pay a bug bounty for his reported vulnerabilities affecting the Instagram iOS mobile application. Graham tweeted about the issue: " Denied bug bounty. Next step is to write automated tool enabling mass hijacking of accounts, " he wrote. "
Instagram Accidentally Exposed Some Users' Passwords In Plaintext

Instagram Accidentally Exposed Some Users' Passwords In Plaintext

Nov 19, 2018
Instagram has recently patched a security issue in its website that might have accidentally exposed some of its users' passwords in plain text. The company recently started notifying affected users of a security bug that resides in a newly offered feature called "Download Your Data" that allows users to download a copy of their data shared on the social media platform, including photos, comments, posts, and other information that they have shared on the platform. To prevent unauthorized users from getting their hands on your personal data, the feature asks you to reconfirm your password before downloading the data. However, according to Instagram, the plaintext passwords for some users who had used the Download Your Data feature were included in the URL and also stored on Facebook's servers due to a security bug that was discovered by the Instagram internal team. The company said the stored data has been deleted from the servers owned by Facebook, Instagra
Cybersecurity Resources