Man Discovers a Security Failure on Instagram

An investigator called Wes Wineberg received some information from a friend, who told him that he had discovered what could be a security problem in one of Instagram’s major servers. The issues were serious enough that he could even gain access to the data stored by the photo-sharing service. Moreover, the problem has also strained relations between Instagram and Facebook.

He could easily access incredible amounts of data

What is the Security Failure exactly? It’s a combination of two individual factors

On the one hand, the server had a hard-coded security token. On the other hand, the server ran a version of Ruby, a scripting language, with a known flaw that allows arbitrary code to be executed. Taking advantage of those two features, the hacker was finally able to recover an impressive amount of data about the identity of users and employees, as well as several configuration files.

He could have stopped there, but he decided to go on. While searching through the configuration files, he found passwords together with the accounts they protected. But those weren’t Instagram passwords; they were Amazon passwords. With them he could access Amazon storage, which held all of Instagram’s content: every picture and video uploaded by every user since Instagram was created.
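The two findings above, a token fixed in the server's code and storage credentials sitting in configuration files, are the kind of thing an audit of the configuration can flag before deployment. The following Ruby check is an added example, not code from Wineberg's write-up or from Instagram; the file names, the `App.config.secret_token` setting, the rule patterns and every sample value are constructed assumptions.

```ruby
# Added example: audit configuration text for hard-coded secrets.
# File names and contents below are constructed samples, not Instagram's.

RULES = {
  # A secret assigned as a string literal instead of being read from ENV.
  hardcoded_secret: /\b(secret_token|secret_key_base|password|secret_access_key)\b\s*[:=]+\s*['"]([^'"]{8,})['"]/i,
  # Shape of an AWS access key ID (AKIA + 16 uppercase letters/digits).
  aws_access_key_id: /\bAKIA[0-9A-Z]{16}\b/
}.freeze

Finding = Struct.new(:file, :line_no, :rule)

# Returns one Finding per rule hit; never stores the secret value itself.
def audit(files)
  files.flat_map do |name, text|
    text.each_line.with_index(1).flat_map do |line, no|
      next [] if line.strip.start_with?('#') # skip comment lines
      RULES.select { |_, re| line.match?(re) }
           .keys.map { |rule| Finding.new(name, no, rule) }
    end
  end
end

SAMPLE_FILES = {
  'config/initializers/secret_token.rb' => <<~RB,
    # constructed sample: token committed with the source
    App.config.secret_token = 'b2f1c0ffee0123456789abcdefconstructed'
  RB
  'config/initializers/secret_token_fixed.rb' => <<~RB,
    # constructed sample: token supplied at deploy time
    App.config.secret_token = ENV.fetch('SECRET_TOKEN')
  RB
  'config/storage.yml' => <<~YML
    access_key_id: AKIAEXAMPLEEXAMPLE00
    secret_access_key: "constructedSampleSecretValue0000"
  YML
}.freeze

if __FILE__ == $PROGRAM_NAME
  audit(SAMPLE_FILES).each { |f| puts "#{f.file}:#{f.line_no} #{f.rule}" }
end
```

The variant that reads the token from the environment produces no finding, while the literal token and both storage credential lines are reported by file and line number only.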

Wineberg explains on his blog that those passwords were what let him get all the contents of Instagram, which created a series of problems. Firstly, he could have impersonated Instagram. He could also have gotten to any picture, any video, any account. On top of that, Instagram doesn’t encrypt its passwords very strongly and users don’t usually choose strong passwords, so they’re more easily hackable.

Will Instagram make up for this failure and strengthen its security?
