This Security Flaw Can Reveal Private Posts On Instagram

An observation over Instagram detects a security flaw that can allow users to view photos and videos circulated by private accounts. Just by a handful of clicks, these posts can literally be accessed, downloaded, and distributed to even un-authenticated users.

As reported, the hack requires fundamental knowledge of HTML and a web browser. It is also applicable to Instagram Stories. It works as easy as pulling out the source code (URL) of certain images or videos, then publicly sharing the elements with other people. Seriously, these third parties don’t need to log in to Instagram or follow the private user but still get a load of the contents. 

Some additional experiments show that both JPEG and MP4 files from private stories or feeds can be retrieved through this security flaw. However, Facebook doesn’t consider it a big deal. 

The tech giant might be right at some point, except for Instagram stories which would have been lasted for 24 hours are also affected. URLs links to private stories are approachable within several days, and links to photos potentially exist even longer. Since all types of contents are hosted on Facebook servers, private Facebook accounts won’t be excluded.

Also, data achieved from website address unveils basic information related to photos or videos on the video-sharing platform including the method they have been uploaded and their dimensions. That’s the difference between this flaw and the act of screenshots. 

To put it concisely, positioning their accounts as private means users wish for a certain level of privacy. Even when followers get accessed to their content, people absolutely don’t want it to be exposed to strangers, especially on social media. That’s what Facebook should consider as using servers to manage content on private accounts.