How Hackers Could Steal Your Instagram Account

The bad news? Instagram has a vulnerability that could allow a hacker to take over your account. The good news? That hacker would have to be close enough that he could just walk over and punch you to do so.

The vulnerability was found in the latest 3.1.2 version of Instagram by Carlos Reventlov, who has notified Instagram of the problem.

Here’s how the exploit works. As a matter of course, Instagram encrypts many sensitive activities when they are sent to its servers, but other data is sent unencrypted, in plain text. One of these unencrypted items is a cookie that is sent the second the app is started up, and it’s this cookie that allows hackers to compromise your Instagram account, theoretically taking full control over it.

In reality, though, there’s not much to worry about for most of us. In order for a hacker to use this method to take control of your Instagram account, the two of you would need to be on the same local area network, which means that unless you’re on a public WiFi network with a malevolent hacker, you’re probably pretty safe.

Instagram can fix the problem pretty easily by using encrypted HTTPS for API requests for sensitive data, and now that the vulnerability has been made public, it’s a good bet that that’s exactly what they’ll do in the next update.
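A check a tester could run over captured app traffic to spot the plain-text cookie described above and to confirm the HTTPS fix. This is an added example, not code from this article or from Instagram; the hosts, cookie names and capture format are constructed for illustration.

```python
from http.cookies import SimpleCookie
from urllib.parse import urlsplit

# Constructed sample of app traffic, shaped like a proxy export (not real Instagram data).
CAPTURE = [
    {"url": "https://api.example.test/login", "request_headers": {},
     "response_headers": {"Set-Cookie": "session=abc123; Path=/; HttpOnly"}},
    {"url": "http://api.example.test/feed/startup",
     "request_headers": {"Cookie": "session=abc123; lang=en"},
     "response_headers": {}},
    {"url": "https://api.example.test/media/upload",
     "request_headers": {"Cookie": "session=abc123"},
     "response_headers": {"Set-Cookie": "csrf=zz9; Path=/; Secure"}},
]

def audit(capture):
    """Return findings for cookies readable by anyone on the same network."""
    findings = []
    for entry in capture:
        scheme = urlsplit(entry["url"]).scheme
        # Header names are case-insensitive, so normalise before lookup.
        req = {k.lower(): v for k, v in entry["request_headers"].items()}
        resp = {k.lower(): v for k, v in entry["response_headers"].items()}
        # Case 1: a Cookie header travelling over plain HTTP (the issue in the article).
        if scheme == "http" and "cookie" in req:
            names = sorted(SimpleCookie(req["cookie"]).keys())
            findings.append(("cleartext-cookie", entry["url"], names))
        # Case 2: a cookie issued without the Secure attribute, so the client
        # is allowed to attach it to later plain-HTTP requests.
        if "set-cookie" in resp:
            for name, morsel in SimpleCookie(resp["set-cookie"]).items():
                if not morsel["secure"]:
                    findings.append(("missing-secure", entry["url"], [name]))
    return findings

if __name__ == "__main__":
    for kind, url, names in audit(CAPTURE):
        print(f"{kind:17} {url}  cookies={names}")
```

After the fix, a capture of the same app session should produce no findings of either kind.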

  • JiriSiftar

    Well, such a hypothetical attack is interesting, but irrelevant to most. But there’s a much worse vulnerability on Instagram that allows kids to ruin this community for good and turn this once great platform of creativity into another mediocre aggregator of internet waste.
    ANYONE can prevent ANY picture from getting to the Explore Page (formerly known as Popular) or staying there. It takes a minute to do that for anyone. The last remaining instagramers who are able to get there suddenly stop growing, and with no new followers (and the Popular page is the only stable and reliable source of them), they can’t beat the other crap on this page.

    More about it: http://ig-vulnerability.tumblr.com

About the author

John Brownlee is a Contributing Editor. He has also written for Wired, Playboy, Boing Boing, Popular Mechanics, VentureBeat, and Gizmodo. He lives in Boston with his girlfriend and two parakeets. You can follow him here on Twitter.
