Privacy has always been a great concern on the internet and in case you haven’t realize already, nothing is really ever private once it goes online. Forbes recently reported that there was a bug on Instagram that has been present for at least six months, which allow hackers to switch a user’s private account to public and switch back without them ever knowing. The bug was discovered last August by Christian Lopez and has only been fixed very recently.
Known as cross-site request forgery, the bug granted hackers the access to a Instagram user’s privacy settings, allowing them to change the profile to public so they can download whatever they want and switch the account back to private. This means that unless the private pictures starts showing up in the web, there’s no way for one to find out if their account has been compromised before. Christian Lopez was given a four-figure reward by Facebook as part of the social network’s “White Hat” program.
When contacted, an Instagram spokesperson told Forbes:
“We applaud the security researcher who brought this bug to our attention for responsibly reporting the bug to our parent company Facebook’s White Hat Program. We worked with the team to make sure we understood the full scope of the bug, which allowed us to fix it. Due to the responsible reporting of this issue to us, we do not have evidence of account compromise using this bug”
If you’re up for it, check out the entire story on Lopez’s blog post.