Instagram passwords are publicly visible in the source text

A website called Social captain, promises to help its users get more Instagram followers. All you have to do is register with Insta on the site and enter your name and the associated password. The service works in principle, but now there is the problem that the sensitive data of the users are publicly visible in the source text.

How could that happen?

The access data of the users were stored unencrypted and could therefore be seen in the source text of the social captain profile. Techcrunch made the website aware of the problem and also released one Blog Post on the subject. The bug was immediately corrected by Social Captain. Nevertheless, the Instagram passwords are still visible in the source text. According to Insta, the company generally violates the terms of use and needs to be examined more closely.

It was possible to access a user profile without registration

You only needed the unique user account ID of each person. You simply added this to the URL of the website and you could easily access a user's profile without logging in. From this you could simply copy the access data of the associated Insta account. It becomes problematic, for example, if you use web scraping and thus automatically and legally collect all data from Instagram users.

10.000 Instagram user data collected

The data includes email addresses, names, access data and passwords. These included 4.700 login details and also some Insta Premium accounts with bank details. The damage is great and it is advisable to stop using the Social Captain service. Changing your Instagram password is definitely not a mistake either. You should not only be careful with your Insta account, but also with other social media platforms such as Facebook, Twitter etc. Not even the recent Facebook scandal can stop the huge platforms from sucking up your data.


Created on:02/04/2020

Leave a Comment

Provide affiliate links