Usernames and passwords of thousands of Instagram users have been leaked for potential hackers by a social media booting service called ‘Social Captain’, which claims it helps users grow their follower counts by connecting their accounts to its platforms.
A report by TechCrunch said Social Captain stores passwords of linked Instagram accounts in unencrypted plaintext. “A security researcher, who asked not to be named, alerted TechCrunch to the vulnerability and provided a spreadsheet of about 10,000 scraped user accounts,” said the report.
Another report suggests about 70 were premium accounts of paid customers. Due to a tech vulnerability, anyone could access the Social Captain users’ profile without logging in with the required credentials. Social Captain later said it has fixed the vulnerability by preventing direct access to users’ profiles.
Instagram termed it as a breach of terms by Social Captain for improperly storing login credentials. An Instagram spokesperson said they are investigating the breach and will take appropriate action.
A similar incident was witnessed last May when personal data of millions of celebrities and social media influences were allegedly exposed on its platform. In 2017, a bug had led to the leak of personal details of Taylor Swift and Kim Kardashian, among millions of other celebrity users.