The Hacker News Logo
Subscribe to Newsletter

The Hacker News — Cyber Security and Hacking News Website: Search results for Instagram

Instagram Adds 3 New Security Tools to Make its Platform More Secure

Instagram Adds 3 New Security Tools to Make its Platform More Secure

August 29, 2018Swati Khandelwal
Instagram is growing quickly—and with the second most popular social media network in the world (behind just Facebook), the photo-sharing network absolutely dominates when it comes to user interactions. And with great success comes great responsibility—responsibility to keep users' accounts safe, responsibility to fight fake accounts and news, and responsibility of being transparent. You might know that the Facebook-owned photo-sharing network has recently been a victim of a widespread hacking campaign that has affected thousands of Instagram users, leaving them locked out of their accounts. In the wake of the security mishappening, Instagram has announced a trio of security updates intended to discourage trolls, stop misinformation, and make the platform a little safer for its one billion users. In an official blog post , titled "New Tools to Keep Instagram Safe," published by Instagram Co-Founder & CTO Mike Krieger on August 28, the company announced thr
Shocking! Instagram HACKED! Researcher hacked into Instagram Server and Admin Panel

Shocking! Instagram HACKED! Researcher hacked into Instagram Server and Admin Panel

December 18, 2015Swati Khandelwal
Ever wonder how to hack Instagram or how to hack a facebook account? Well, someone just did it! But, remember, even responsibly reporting a security vulnerability could end up in taking legal actions against you. An independent security researcher claims he was threatened by Facebook after he responsibly revealed a series of security vulnerabilities and configuration flaws that allowed him to successfully gained access to sensitive data stored on Instagram servers , including: Source Code of Instagram website SSL Certificates and Private Keys for Instagram Keys used to sign authentication cookies Personal details of Instagram Users and Employees Email server credentials Keys for over a half-dozen critical other functions However, instead of paying him a reward, Facebook has threatened to sue the researcher of intentionally withholding flaws and information from its team. Wesley Weinberg , a senior security researcher at Synack, participated in Facebook's b
Who Viewed Your Profile on Instagram? Obviously, Hackers!

Who Viewed Your Profile on Instagram? Obviously, Hackers!

March 22, 2016Swati Khandelwal
Are you curious about who viewed your profile on Instagram? This is probably the most frequently asked question nowadays, and there are several applications available on Google Play Store and Apple App Store, which claims to offer you the opportunity to see who is looking at your Instagram profile. But, should we believe them? Is there really some kind of way out to know who viewed your Instagram profile? The shortest answer to all these questions is ' NO ', such functionality does not exist on Instagram at the moment. But, thousands of users still have hope and hackers are taking advantage of this to target a broad audience. Recently, security researchers have discovered some malicious applications on Android Google Play Store as well as iOS App Store, which are entirely a hoax, targeting Instagram users. The iOS app is named " InstaCare - Who cares with me? " and is one of the top apps in Germany, while the Android app is dubbed "
Instagram Hacker Puts 6 Million Celebrities Personal Data Up For Sale On DoxaGram

Instagram Hacker Puts 6 Million Celebrities Personal Data Up For Sale On DoxaGram

September 01, 2017Mohit Kumar
It's now official, Instagram has suffered a massive data breach , and reportedly an unknown hacker has stolen personal details of more than 6 million Instagram accounts. Just yesterday, we reported that Instagram had patched a critical API vulnerability that allowed the attacker to access phone numbers and email addresses for high-profile verified accounts. However, Instagram hack now appears to be more serious than initially reported. Not just a few thousands of high-profile users—it's more than 6 million Instagram users, including politicians, sports stars, and media companies, who have had their Instagram profile information, including email addresses and phone numbers, available for sale on a website, called Doxagram . The suspected Instagram hacker has launched Doxagram, an Instagram lookup service, where anyone can search for stolen information only for $10 per account. A security researcher from Kaspersky Labs, who also found the same vulnerability and rep
Bug Hunter Found Ways to Hack Any Instagram Accounts

Bug Hunter Found Ways to Hack Any Instagram Accounts

May 21, 2016Swati Khandelwal
How to hack an Instagram account? The answer to this question is difficult to find, but a bug bounty hunter just did it without too many difficulties. Belgian bug bounty hunter Arne Swinnen discovered two vulnerabilities in image-sharing social network Instagram that allowed him to brute-force Instagram account passwords and take over user accounts with minimal efforts. Both brute-force attack issues were exploitable due to Instagram’s weak password policies and its practice of using incremental user IDs. "This could have allowed an attacker to compromise many accounts without any user interaction, including high-profile ones," Swinnen wrote in a blog post describing details of both vulnerabilities. Brute-Force Attack Using Mobile Login API Swinnen discovered that an attacker could have performed brute force attack against any Instagram account via its Android authentication API URL, due to improper security implementations. According to his blog post , fo
Widespread Instagram Hack Locking Users Out of Their Accounts

Widespread Instagram Hack Locking Users Out of Their Accounts

August 15, 2018Mohit Kumar
Instagram has been hit by a widespread hacking campaign that appears to stem from Russia and have affected hundreds of users over the past week, leaving them locked out of their accounts. A growing number of Instagram users are taking to social media, including Twitter and Reddit, to report a mysterious hack which involves locking them out of their account with their email addresses changed to .ru domains. According to victims, their account names, profile pictures, passwords, email addresses associated with their Instagram accounts, and even connected Facebook accounts are being changed in the attack. Many of the affected Instagram users are also complaining about their profile photos replaced with stills from popular films, including Despicable Me 3 and Pirates of the Caribbean. Although it is still unknown who is behind the widespread hack of Instagram accounts, the use of the email addresses originating from Russian email provider mail.ru may indicate a Russian hacker or
Instagram Suffers Data Breach! Hacker Stole Contact Info of High-Profile Users

Instagram Suffers Data Breach! Hacker Stole Contact Info of High-Profile Users

August 31, 2017Swati Khandelwal
Instagram has recently suffered a possibly serious data breach with hackers gaining access to the phone numbers and email addresses for many "high-profile" users. The 700 million-user-strong, Facebook-owned photo sharing service has currently notified all of its verified users that an unknown hacker has accessed some of their profile data, including email addresses and phone numbers, using a bug in Instagram. The flaw actually resides in Instagram's application programming interface (API), which the service uses to communicate with other apps. Although the company did not reveal any details about the Instagram's API flaw, it assured its users that the bug has now been patched and its security team is further investigating the incident. "We recently discovered that one or more individuals obtained unlawful access to a number of high-profile Instagram users' contact information—specifically email address and phone number—by exploiting a bug in an Instagr
This Flaw Could Have Allowed Hackers to Hack Any Instagram Account Within 10 Minutes

This Flaw Could Have Allowed Hackers to Hack Any Instagram Account Within 10 Minutes

July 15, 2019Mohit Kumar
Watch out! Facebook-owned photo-sharing service has recently patched a critical vulnerability that could have allowed hackers to compromise any Instagram account without requiring any interaction from the targeted users. Instagram is growing quickly—and with the most popular social media network in the world after Facebook, the photo-sharing network absolutely dominates when it comes to user engagement and interactions. Despite having advanced security mechanisms in place, bigger platforms like Facebook, Google, LinkedIn, and Instagram are not completely immune to hackers and contain severe vulnerabilities. Some vulnerabilities have recently been patched , some are still under the process of being fixed, and many others most likely do exist, but haven't been found just yet. Details of one such critical vulnerability in Instagram surfaced today on the Internet that could have allowed a remote attacker to reset the password for any Instagram account and take complete contr
Instagram Patches flaw that Makes Private Photos Visible

Instagram Patches flaw that Makes Private Photos Visible

January 14, 2015Mohit Kumar
Your Instagram is not as Private as You Think. Millions of private Instagram photos may have been exposed publicly on the web until the company patched a privacy hole this weekend. Instagram team was unaware of a security vulnerability from long time which allowed anyone with access to an image’s URL to view the photo, even those shared by users whose accounts are set to “private.” In other words, If a private user shares an Instagram post with another service, such as Twitter or Facebook as part of the upload process, that shared photo will remain viewable to the public despite its privacy settings. The flaw was first reported by  David Yanofsky  at Quartz and Instagram acknowledged the issue last week before patching the flaw. In a statement to Quartz, an Instagram representative said: ' If you choose to share a specific piece of content from your account publicly, that link remains public but the account itself is still private, ' The Instagram vulnera
Instagram Mobile App Issue Leads to Account Hijacking Vulnerability

Instagram Mobile App Issue Leads to Account Hijacking Vulnerability

July 28, 2014Swati Khandelwal
In the era of Government surveillance, ensuring the security and safety of our private communications regardless of platform – email, VOIP, message, even cookies stored – should be the top priority of the Internet industry. Some industry came together to offer Encryption as the protection against government surveillance, but some left security holes that may expose your personal data. A critical issue on Instagram’s Android Application has been disclosed by a security researcher that could allow an attacker to hijack users’ account and successfully access private photos, delete victim's photos, edit comments and also post new images. Instagram , acquired by Facebook in April 2012 for approximately US$1 billion, is an online mobile photo-sharing, video-sharing and social networking service that enables its users to take pictures and videos, apply digital filters, and share them on a variety of social networking services, such as Facebook, Twitter, Tumblr and Flickr.
Don't Fall for Fake Instagram Desktop Applications Offering 'Image Viewer'

Don't Fall for Fake Instagram Desktop Applications Offering 'Image Viewer'

May 08, 2014Swati Khandelwal
Today, the estimated number of known computer threats like viruses, worms, backdoors, exploits, Trojans, spyware, password stealers, and other variants of potentially unwanted software range into millions. It has ability to create several different forms of itself dynamically in order to thwart antimalware programs. Instagram users are also targeted by the potentially unwanted software programs that claims to enable them to download their Instagram photos and videos using desktop machines or computers. But once downloaded and installed into system, it could expose the user to a number of security vulnerabilities, often overlap with adware , warned the security firm Malwarebytes. " In the case of Instagram, what we've seen out there could pose greater risk than, say, your average phishing site, " said Malwarebytes intelligence analyst Jovi Umawing in a blog post . Instagram is a social networking service use for online photo-sharing and video-sharing. It
Hacking Instagram Accounts using OAuth vulnerability

Hacking Instagram Accounts using OAuth vulnerability

May 02, 2013Mohit Kumar
' Nir Goldshlager ' known as Facebook hacker and founder of Break Security  , who reported many critical bugs in Facebook OAuth mechanism in past few months, today disclose a critical  vulnerability in Instagram Oauth that allow an attacker to hack any account. Succesful hack allows attacker to access private photos, ability to delete victim's photos and to edit comments and also the ability to post new photos. Hacker explained that there are two ways to hack Instagram accounts using OAuth, first via Hijack Instagram accounts using the Instagram OAuth or Hijack Instagram accounts using the Facebook OAuth Dialog. During his bug hunting Nir found loopholes in Instagram’s security parameters i.e redirect_uri , that allows  attacker to pass the access token to his own domain with mx as suffix i.e code straight to breaksec.com.mx . POC :  https://instagram.com/oauth/authorize/?client_id=33221863eec546659f2564dd71a8a38d&redirect_uri=https://breaksec
Facebook Stored Millions of Instagram Users' Passwords in Plaintext

Facebook Stored Millions of Instagram Users' Passwords in Plaintext

April 18, 2019Swati Khandelwal
Facebook late last month revealed that the social media company mistakenly stored passwords for "hundreds of millions" of Facebook users in plaintext, including "tens of thousands" passwords of its Instagram users as well. Now it appears that the incident is far worse than first reported. Facebook today quietly updated its March press release, adding that the actual number of affected Instagram users were not in hundreds of thousands but millions. These plaintext passwords for millions of Instagram users, along with millions of Facebook users, were accessible to some of the Facebook engineers, who according to the company, did not abuse it. According to the updated post, Facebook discovered "additional logs of Instagram passwords" stored in a readable format, but added that its investigation revealed that the stored passwords were never "abused or improperly accessed" by any of its employees. Here's the full updated statement p
Instagram Accidentally Exposed Some Users' Passwords In Plaintext

Instagram Accidentally Exposed Some Users' Passwords In Plaintext

November 19, 2018Swati Khandelwal
Instagram has recently patched a security issue in its website that might have accidentally exposed some of its users' passwords in plain text. The company recently started notifying affected users of a security bug that resides in a newly offered feature called "Download Your Data" that allows users to download a copy of their data shared on the social media platform, including photos, comments, posts, and other information that they have shared on the platform. To prevent unauthorized users from getting their hands on your personal data, the feature asks you to reconfirm your password before downloading the data. However, according to Instagram, the plaintext passwords for some users who had used the Download Your Data feature were included in the URL and also stored on Facebook's servers due to a security bug that was discovered by the Instagram internal team. The company said the stored data has been deleted from the servers owned by Facebook, Instagra
Instasheep — Instagram Account Hacking Tool Released

Instasheep — Instagram Account Hacking Tool Released

July 30, 2014Swati Khandelwal
Two days ago, we reported at The Hacker News about a critical issue in the most popular image and video sharing service, Instagram app for mobiles , that allows an attacker to hijack users’ account and successfully access private photos, delete victim's photos, edit comments and also post new images. Yesterday, a London developer Stevie Graham has released a tool called “ Instasheep ” a play on the 2010 Facebook stealer Firesheep , a Firefox extension that can be used to compromise online accounts in certain circumstances automatically using a click of mouse. Graham discovered the Instagram issue years ago and was shocked when he realized it hadn’t been fixed by Facebook yet. He released the tool after claiming Facebook refused to pay a bug bounty for his reported vulnerabilities affecting the Instagram iOS mobile application. Graham tweeted about the issue: “ Denied bug bounty. Next step is to write automated tool enabling mass hijacking of accounts, ” he wrote. “
iPhone Instagram users vulnerable to hackers

iPhone Instagram users vulnerable to hackers

December 03, 2012Mohit Kumar
Instagram - Facebook’s popular photo sharing app for iOS, is currently has a vulnerability that could make your account susceptible to hackers. A security researcher Carlos Reventlov  published on Friday another attack on Facebook's Instagram photo-sharing service that could allow a hacker to seize control of a victim's account. " The Instagram app communicates with the Instagram API via HTTP and HTTPs connections. Highly sensitive activities, such as login and editing profile data, are sent through a secure channel. However, some other request are sent through plain HTTP without a signature, those request could be exploited by an attacker connected to the same LAN of the victim’s iPhone. " Vulnerability Details --   The vulnerability is in the 3.1.2 version of Instagram's application, which is  susceptible to “eavesdropping and man in the middle attacks that could lead an evil user to delete photos and download private media without the victim’s con
Someone Hacked Selena Gomez Instagram, Shared Nude Justin Bieber Photos

Someone Hacked Selena Gomez Instagram, Shared Nude Justin Bieber Photos

August 30, 2017Wang Wei
The highest followers account on Instagram owned by Selena Gomez has recently been hacked with unknown hackers posting a bunch of nude photographs of her ex-boyfriend Justin Bieber on her account. The latest hack is not part of the ongoing Fappening events affecting a majority of celebrities by targeting their iCloud accounts, rather in the case of Selena, some hacker managed to breach her Instagram account and posted Bieber's photos. Bieber's three full-frontal shots of naked photos were visible to Selena's 125 million Instagram followers for a short duration of time, after which her account was swiftly taken down Monday night. A post from Selena's official Instagram account went up Monday showing 3 pics of Bieber with a caption that read: "LOOK AT THIS N***A LIL SHRIMPY." Selena's team has since re-secured her Instagram account, which was back online minutes after it was taken down, with the photos of Bieber deleted. The Bieber nude images
Instagram Adds Two-Step Verification to Prevent Account from being Hacked

Instagram Adds Two-Step Verification to Prevent Account from being Hacked

February 17, 2016Unknown
Hijacking an online account is not a complicated procedure, not at least in 2016. Today, Instagram confirmed that the company is in the process to roll out two-factor authentication for its 400 Million users. It is impossible to make your online accounts hack-proof, but you can make them less vulnerable. Then what you can do to protect yourselves from hackers? Several companies provide more enhanced steps like Encrypted Channel Services, Security Questions, Strict Password Policy and so on. But, what would you do if a hacker had somehow managed to access your accounts’ passwords? Since the online accounts do not have an intelligent agent inbuilt to verify whether the person is the legit driver of the account; beyond a username and password match. Hence the concept of Two-Factor Authentication (2FA) born out! Jumbos like Google, Facebook, Twitter and Amazon have already blended the 2FA feature with their services to tackle account hijacking. 2-F
WhatsApp Group Video Call and Instagram Video Chat Are Coming Soon

WhatsApp Group Video Call and Instagram Video Chat Are Coming Soon

May 02, 2018Swati Khandelwal
Facebook announced a whole lot of new features at its 2018 Facebook F8 developers conference, including Dating on Facebook, letting users clear their web browsing history, real-time language translation within Messenger, and many more. Besides announcing exciting features for its social media platform, Facebook CEO Mark Zuckerberg also gave us a quick look at the features Facebook introduced for companies that it owns, like WhatsApp and Instagram. During Facebook's F8 conference on Tuesday, Zuckerberg announced a long-awaited feature for WhatsApp— Group Video Calling . Yes, you heard that right. WhatsApp would soon be adding a group video calling feature to the popular end-to-end messaging app, making it possible for its over billion users to have face-to-face conversations with multiple people at once. Although there are not many details about the WhatsApp group video calling feature at this moment, it is clear that WhatsApp will now allow four people to have one-on-one
This 10-year-old Boy becomes the youngest Bug Bounty Hacker

This 10-year-old Boy becomes the youngest Bug Bounty Hacker

May 07, 2016Mohit Kumar
" Talent has no Age Limit " That’s what I said for a 10-year-old Finnish boy on our official Facebook page while sharing his recent achievement with our readers i.e. Winning $10,000 bug bounty from Instagram . Last Tuesday when we at The Hacker News first acknowledged this talented boy and the flaw he discovered in image-sharing social network Instagram, I did not have an idea that the Facebook post would get an enormous response from our followers, encouraging me to introduce Jani to our website readers too. Those who aren’t aware, Jani from Helsinki recently reported an Instagram bug to Facebook that allowed him to delete other Instagram users' comments just by entering a malicious code into the app's comment field. " I would have been able to eliminate anyone's comment from Instagram, even Justin Bieber, " Jani told a local newspaper. Jani responsibly disclosed the vulnerability details to Facebook, who owns Instagram, in February and
Exclusive Deals

Get Daily News Updates By Email

Join over 350,000 information security professionals — Get the best of our cyber security coverage delivered to your inbox every morning.