Instagram Confirmed Security Vulnerability – Commentary

Instagram’s parent company Facebook has confirmed that a newly discovered security vulnerability may have put user data at risk, leaving users open to attack by threat actors. A security researcher ran tests on the platform and successfully retrieved “secure” user data, including users’ real names, Instagram account numbers and handles, and full phone numbers. Linking these data points is all an attacker would need to target those users. Facebook has since made changes to Instagram to protect its users.


EXPERT COMMENTS
Jake Moore, Cybersecurity Specialist, ESET
September 24, 2019
Authenticator apps are increasing in popularity, as people move across to this more secure protection feature.
Luckily, this threat would be extremely difficult to carry out en masse. Theoretically, this leak does have consequences as it connects private data to accounts. Providing a phone number to associate with an account will soon become old-fashioned as we start using authenticator apps for verification. In the meantime, it is seen as the go-to method of two-factor authentication. Authenticator apps a ....
Brandon Chen, Digital Security and Operations Manager, The Media Trust
September 16, 2019
Avoiding these attacks requires a layered approach that includes continually monitoring these web assets for unauthorized actors and activities.
Vulnerabilities in contact importers can open a website or web application to a variety of attacks like brute force, SQL injection, and those involving compromised third parties, to name a few. Unfortunately, these attacks are not uncommon. If the site or app has a field where users can log into their account, and developers are not enforcing parameters for queries and input for that field, bad acto ....
Anurag Kahol, CTO, Bitglass
September 13, 2019
Companies cannot rely on others to find their security issues and instead must take a more proactive approach.
There is an important distinction between what a user chooses to make public, such as a unique handle or username, and the personally identifiable information (PII) that they use to create accounts. When individuals make user profiles for any given service, they trust that their PII will be kept secure. While Instagram exposed users’ passwords a little less than a year ago, it appears that the c ....
Jonathan Knudsen, Senior Security Strategist, Synopsys
September 13, 2019
A finding of an easily exploitable vulnerability would indicate that something fundamental was wrong with Facebook's software security methodology.
Software security is an organisational skill, and no matter how good you are, there's always room for improvement. The fact that the reported vulnerability in Instagram is "complex" to exploit is actually a good indication. A finding of an easily exploitable vulnerability would indicate that something fundamental was wrong with Facebook's software security methodology. A complex-to-exploit vulnera ....
Chris DeRamus, VP of Technology Cloud Security Practice, Rapid7
September 13, 2019
Left unpatched, this security vulnerability could have resulted in a devastating data leak consisting of phone numbers and account numbers.
As Instagram is the third most popular social media network with more than one billion active users on the platform each month, the social media giant is entrusted with a massive trove of user data. Left unpatched, this security vulnerability could have resulted in a devastating data leak consisting of phone numbers and account numbers that directly link to the usernames and real names of the acco ....