The FBI Has Stolen All Of Instapaper’s User Data And Some Of Its Codebase



On Tuesday, the FBI seized a number of servers from DigitalOne, a Swiss hosting company that leases blade servers from a Virginia datacenter. The FBI had a warrant for only one particular server, used by a fraudulent “scareware” distributor, but the FBI ended up taking a lot more servers than the one they were actually looking for, knocking several web sites offline in the process… and making off with nearly all of popular offline reading platform Instapaper‘s user data, some of its codebase and some password encryption keys in the process.

Instapaper developer Marco Arment says that even though he had backups in place that prevented the Instapaper service from going offline entirely, by making off with the Instapaper server, the FBI has “illegal possession of nearly all of Instapaper’s data and a moderate portion of its codebase.”

That data includes a complete list of users, all of their email addresses, any non-deleted bookmarks, and salted SHA-1 hashes of passwords (which should be relatively safe, according to Arment). If you use Pinboard with Instapaper, though, your plaintext username and encrypted password is now in the hands of the FBI… and the encryption key is also with them, courtesy of the Instapaper source code.

Worse? It doesn’t look likely that Instapaper will ever get any of this information back, at least from where Arment is sitting.

Given the massive attacks of hacker groups over the last couple of weeks, it seems ironic that the FBI is the latest group to compromise users security. Depending on how distrustful of the government you are, you may feel very safe that the FBI has your Instapaper data, or very, very nervous.

Either way, if you use your Instapaper logins at any other sites, now might be the time to change them. Given the number of hacking attacks in recent months, it just makes sense to minimize your vulnerability and use different passwords and logins at different sites.

  • Chris Brunner

    iOS 5 removes my need for Instapaper anyway…


  • TomD

    Wow is that a reporter getting pepper sprayed? Is that a stock photo or one of the tornado in a data center?

  • Rjfilter


  • William P. York

    It doesn’t look like the image is of this particular raid. The img info is “fbipuertoricoraida060210.”  The Instapaper raid was in Virginia.  I feel that it is extremely dishonest to use a picture from somewhere else without making it clear that that’s what you’re doing. 

  • Brian

    You guys don’t seem to get that this is a blog, not the fucking Washington Post or something. Beyond that why don’t the people who hate this site so much just GTFO already.

  • Leon Clemens

    I agree, if they’re going to use some stock image they should’ve used something less sensational than one where a FBI agent pepper sprays a civilian.

  • WVMikeP

    A friend of mine manages a rack of servers across the aisle from those taken.  He told me the FBI just took the whole rack.  

    Time to add FBI raids on someone else as a risk to mitigate along with fires, hard drive melt-downs, etc.  Unfreakin’ believable. 

  • Chris

    why does the fbi use pepper spray against the press?

  • John Howell

    In the land of the free, and the home of the….FBI.

  • Graham Briggs

    None of them servers will ever get returned. I guess the FBI in their wisdom will destroy each one, one by one, trying to find the correct server, and then possibly return a pile of broken parts in three years time. They’ll also never pay any damages to the parties who have been damaged. Disgusting. Free country, my arse.


    The image is not from the report. This image is like 4 years old. Its from an FBI raid on a Puertorican Government Office. Please use correct images on you reports, or don’t report anything.

  • Jonathan Baize

    It seems that with every John Brownlee article I see, my respect for cult of mac is lowered. Usually it’s just bad writing and editing, but using such an image with this headline is just plain misleading. I’m glad, after reading the comments, to know I’m not the only one who thinks so.

  • William P. York

    I agree that cultofmac isn’t the Wash Post, but the cultofmac people do need to decide what this website is: Is it a blog, or is it a legitimate news site?

    From the “About” section of cultofmac:

    “Cult of Mac is a daily news website that tracks Apple and the people who use its products. Our goal is to provide timely news, insightful analysis, helpful how-tos and honest product reviews about Apple and Apple-related products.”

  • nthnm

    Misleading like 95% of their articles are. They either use false pictures or false titles to draw in views. 

  • macgizmo

    Usually CofM posts misleading headlines, or misleading images. In this case, they did both.

  • Dan Millet

    with that picture it would be called instapepper, LOL

  • Kim Tumaini Jørgensen

    I agree with everyone above notioning that use of wrong images headlining this article is fraud.

  • Dilbert A

    I hope they sue, and don’t settle.

  • Dilbert A

    lol. but really, that’s sad.