Do you have an Instagram account?
If so, be advised that David Stier (a business consultant and researcher for CNET) has recently discovered a flaw in Instagram’s website that exposed thousands of users’ email addresses and phone numbers for a period of more than a month.
Mr. Stier provided screen shots and other details to Instagram demonstrating that when the source code for some users’ profiles were displayed in a web browser, supposedly confidential information was plainly visible.
The exposed information ran the gamut and included the contact and personal information of individual adult users, some businesses, and an unknown number of minors. The company responded promptly and issued a patch that corrected the problem not long after they were made aware, but at this point, the damage may have already been done.
From a user’s perspective, the best thing you can do is to change your Instagram password immediately and be on the alert that if a hacker made a copy of the information, you may be on the receiving end of phishing emails in a bid to collect even more information from you in the months ahead.
At this point, it is unknown whether any group or individual other than Mr. Stier found and made use of the exposed information. Instagram faced a similar issue several months ago, in which the company improperly protected a database containing the contact information of millions of their users, including several influencers and celebrities. This database was initially uploaded and shared by a Mumbai-based marketing firm called Chtrbox, and the information it contained is unquestionably in the wild at this point.
Instagram’s parent company, Facebook, issued a brief statement to the effect that they were working with Chtrbox to understand exactly how they came to posses the data and how it became publicly available. At this time, however, no additional information is available.