An online leak has seen thousands of usernames and passwords for Instagram leaked online. The leak was found by tech news site, TechCrunch, and was found on the site of a social media agency called Social Captain.
When customers logged into their Instagram account, they would be able to check the Page Source of the page and see a long list of other Social Capital customers and their username and passwords – whom the agency was acting on behalf of.
It emerged that there was limited encryption or effort to secure this information from third parties – and other sources from TechCrunch found ways to access this information without logging into the site.
Social Capital have since responded and confirmed that this problem has been fixed, although the full scale of damage is unknown.
Anthony Rogers, CEO at Social Captain, said: “Early analysis indicates that the issue was introduced during the past weeks when the endpoint, meant to facilitate integration with a third-party email service, has been temporarily made accessible without token-based authentication.”
A spokesperson from Instagram said: “We are investigating and will take appropriate action. We strongly encourage people to never give their passwords to someone they don’t know or trust.”
Speaking to industry experts, Matt Bennett, COO of youth marketing agency ZAK, commented: “Once again security is the headline for Facebook, this time not of its own making but nevertheless, trust is being eroded. It’s no wonder young people are turning away from the major social platforms in their droves. Next Gen audiences are looking for other forms of connectivity via smaller communities or real experiences. The reputations of the social media giants are in freefall with this generation.
How can you keep your Instagram account safe?
One of the first things you can do to keep your Instagram account safe is changing your password regularly, even if you share the account with other agencies, people or staff members. Changing your password even once per month would be recommended.
It is important to use different passwords for your social media and email address, reducing the risk of someone getting access to your password and being able to access all accounts available.
If your Instagram password is auto-saved on your phone or laptop, making sure that this has security measures in place is advisable – such as a gateway, password or code to access the device beforehand.
Where possible, avoid logging in on other peoples’ devices or public computers such as at hotels, business centres or the Apple Store – since this can leave your information exposed and easily accessible.