Latest Cyber News - Cyber Help and Advice - We Hope You Enjoy Browsing Our Site

Advertisement

Instagram data from 14 million profiles found in vulnerable database, researcher says

Instagram data from 14 million profiles found in vulnerable database, researcher says

Information about more than 14mn Instagram accounts is being kept in an insecure database that could render users vulnerable to hackers, a professional security researcher told us on Friday.

Data including users’ profile names, stored links to profile pictures and their Instagram ID is available in the database, which researcher Oliver Hough found on the Shodan web scanning service. The database, physically located in the U.K., includes 14,526,602 entries, according to a screenshot Hough tweeted on Friday. Entries also have empty fields for home addresses and telephone numbers, he said.

It’s not clear who is logging the information. But Hough suggested a third party could be scraping Instagram and storing public data for analysis later, either for targeted marketing or another purpose. He suggested the information could be combined with unrelated databases of stolen passwords, which hackers could correlate with the usernames leaked here to try to infiltrate victims’ accounts.

“On the black hat side of things, well, it’s 14m valid usernames,” he said. “Combine that with large password lists and I’m sure it would be a fun day.”

Instagram did not respond to multiple requests for a comment.

Advertisement

Social media companies previously have tried to stop outsiders from scraping public information about user profiles.

Professional networking site LinkedIn is trying to prevent hiQ Labs, a data science company, from using public data about LinkedIn user data to predict which employees who are most likely to be seeking a new job. The company sells information to clients including CapitalOne, eBay and GoDaddy, according to Courthouse News. LinkedIn argued hiQ violated the Computer Fraud and Abuse Act, a 1984, anti-hacking law, by using bots to take public data.

That case is still pending in the Ninth Circuit Court of Appeals.

Advertisement

Media

Leave a comment

Make sure you enter all the required information, indicated by an asterisk (*). HTML code is not allowed.

back to top

Advertisement

×

Sign up to keep in touch!

Be the first to hear about Cyber News from cyberscafe.com and our partners.

Check out our Privacy Policy
You can unsubscribe from email list at any time