A website called Social captain, promises to help its users get more Instagram followers. All you have to do is register with Insta on the site and enter your name and the associated password. The service works in principle, but now there is the problem that the sensitive data of the users are publicly visible in the source text.
How could that happen?
It was possible to access a user profile without registration
You only needed the unique user account ID of each person. You simply added this to the URL of the website and you could easily access a user's profile without logging in. From this you could simply copy the access data of the associated Insta account. It becomes problematic, for example, if you use web scraping and thus automatically and legally collect all data from Instagram users.
10.000 Instagram user data collected
The data includes email addresses, names, access data and passwords. These included 4.700 login details and also some Insta Premium accounts with bank details. The damage is great and it is advisable to stop using the Social Captain service. Changing your Instagram password is definitely not a mistake either. You should not only be careful with your Insta account, but also with other social media platforms such as Facebook, Twitter etc. Not even the recent Facebook scandal can stop the huge platforms from sucking up your data.