SAN FRANCISCO: A social media booting service called Social Captain, that helps users grow their Instagram follower counts, has leaked thousands of Instagram usernames and passwords for potential hackers.
According to a TechCrunch report, Social Captain stored passwords of linked Instagram accounts in unencrypted plaintext.
A website vulnerability allowed anyone access to any Social Captain user’s profile without having to log in and access their Instagram login credentials.
“A security researcher, who asked not to be named, alerted TechCrunch to the vulnerability and provided a spreadsheet of about 10,000 scraped user accounts,” said the report. About 70 accounts were premium accounts of paid customers. Social Captain said later it had fixed the vulnerability by preventing direct access to other users’ profiles.
(With input from agencies)
Comment