Click to Skip Ad
Closing in...

Do you have a private Instagram account? Your photos may have been exposed

Updated Feb 11th, 2014 5:12PM EST
Instagram Hack Private Photos

If you buy through a BGR link, we may earn an affiliate commission, helping support our expert product labs.

If the events of the past few years have taught us anything, it’s that nothing is safe if it involves the Internet. “Private” is just a word these days, as malicious hackers get more and more creative with their efforts to crack service providers’ security. In the latest example, Forbes staff writer and well-known cybersecurity reporter Andy Greenberg reveals a huge security hole in Instagram that had been present in the app for at least six months before the Facebook-owned team finally fixed the issue last week.

Last August, security researcher Christian Lopez discovered a huge flaw in Instagram’s mobile apps. Using a common hacking technique called cross-site request forgery, the bug allowed Lopez or any other hacker aware of the flaw to covertly switch a user’s profile settings from private to public. A malicious hacker could then quickly download all of the user’s photos and switch the profile back to private before anyone noticed.

Lopez contacted Facebook’s security team back in August to report the bug, and he was given a “four-figure” reward as part of Facebook’s “bug bounty” program. According to the researcher, however, Facebook stumbled numerous times while attempting to fix the hole and private users remained at risk for nearly six months until the bug was finally addressed properly.

While we won’t know for sure unless reports of private photos start popping up in public, Facebook says it isn’t aware of any accounts being compromised.

“We applaud the security researcher who brought this bug to our attention for responsibly reporting the bug to our parent company Facebook’s White Hat Program,” Facebook told Forbes in a statement. “We worked with the team to make sure we understood the full scope of the bug, which allowed us to fix it. Due to the responsible reporting of this issue to us, we do not have evidence of account compromise using this bug.”

Zach Epstein
Zach Epstein Executive Editor

Zach Epstein has been the Executive Editor at BGR for more than 10 years. He manages BGR’s editorial team and ensures that best practices are adhered to. He also oversees the Ecommerce team and directs the daily flow of all content. Zach first joined BGR in 2007 as a Staff Writer covering business, technology, and entertainment.

His work has been quoted by countless top news organizations, and he was recently named one of the world's top 10 “power mobile influencers” by Forbes. Prior to BGR, Zach worked as an executive in marketing and business development with two private telcos.