Site icon Panda Security Mediacenter

Instagram flaw exposes private information

Instagram users are being warned of a security loophole that could be used to expose their private posts. This means that private posts and messages could be shared with almost anyone – not just trusted friends.

Perhaps more worrying is the fact that there are no special tools required to accessing secret posts.

It’s all about addresses

Every single webpage on the internet has an address – that’s how our web browsers know where to find them. Some addresses like pandasecurity.com are well-publicised – we want people to find them easily.

Your private Instagram posts also have an address – it’s just not immediately visible. But it can be found very, very easily.

Most web browsers (Chrome, Safari, Firefox, Edge) include basic development tools that allow you to view the code which define how the page looks. And by viewing the page source code, you can quickly and easily find the address of ‘private’ posts and images.

Once you have the address, it can be reshared on social media, or in messages and emails. And anyone who clicks the link can see your private posts, even if they don’t follow you.

Researchers have also discovered that ‘deleted’ posts can still be accessed using these hidden addresses. And this is also true of private posts that are set to auto-delete after 24 hours.

A timely privacy reminder

Although anyone can see your private content using one of these links, only the recipient of your private messages can access its address. Sharing private posts can only be done by someone you trust.

There are a few things you need to remember:

1. Facebook has a track record of poor privacy protection

Facebook, who own Instagram, make their fortune from your information. They have a record of losing, over-sharing and exposing data belonging to their users.

Always think very carefully before sharing sensitive personal information on social media.

2. Nothing is ever really deleted

Although Instagram allows you to delete your posts, the contents are retained by Facebook – forever. This is why deleted information is still available using its hidden address.

Never, ever post something online that you may later regret – it will always exist somewhere, forever.

3. Private today, public tomorrow

Anything you share in private, could later be re-shared publicly. Even if Instagram does find a way to prevent hidden image addresses being discovered, there’s nothing to stop someone taking and sharing screenshots for instance.

If you don’t want private information to be made public, don’t share it. Even images sent by truly secure and private channels like iMessage can be copied and shared publicly.

Protect yourself – and your family

Adults can – and should – be able to follow these guidelines. But your younger family members may need some extra help.

Download a free trial of Panda Dome today and you can train them to use the internet safely. You can start by filtering out age-restricted websites like Instagram and Facebook. And once you are sure they are ready, you can permit access, but monitor their usage to ensure they are not over-sharing sensitive personal information.

As always, true internet safety is a combination of technology and common sense. Make sure you have both before next using private posts on Instagram.

Exit mobile version