Feeds

Instagram bug 'exposed' hipsters' private photos to strangers

Privacy flap at Facebook-acquired firm shocker

Secure remote control for conventional and virtual desktops

A just-patched vulnerability in Instagram potentially exposed hipsters' private photos and more to strangers.

A bug in the popular photo touch-up utility, acquired by Facebook in April for $1bn, allowed malicious users to add themselves as "friends" to individual accounts without permission and view snaps marked as private.

In a security advisory, Instagram said the "Following Bug" has been fixed.

It denied that private photos were even exposed, an assurance that conflicts with claims in a blog post by Sebastián Guerrero, the Spanish security researcher who discovered the flaw in the first place. An English language security advisory related to Guerrero's research can be found here.

Guerrero warned that photos and private information were exposed by the bug, which stems from the ability to guess and forge approved requests to follow, or befriend a user, using a brute-force attack. Both Android and iPhone versions of Instagram were affected by the vulnerability.

The security researcher illustrated the vulnerability by adding himself to the select group of people followed by Facebook head honcho Mark Zuckerberg. Guerrero then sent the social networking mogul a message congratulating him on buying Instagram and asking for some sort of reward under Facebook's bug bounty programme.

Commentary on how the vulnerability worked and what it might mean for Facebook can be found in a blog post by Stephen Cobb of web security firm Eset here. Facebook is subject to settlement with US consumer watchdog the FTC, which imposed audits for the next 20 years as a result of the social networking's dodgy record on protecting punters' privacy.

The web goliath got into trouble for "deceiving consumers by telling them they could keep their information on Facebook private, and then repeatedly allowing it to be shared and made public". Although accidental the privacy bug at Instagram might at least merit a few awkward question towards Facebook from FTC enforcers, Eset notes. ®

Intelligent flash storage arrays

More from The Register

next story
Regin: The super-spyware the security industry has been silent about
NSA fingered as likely source of complex malware family
Why did it take antivirus giants YEARS to drill into super-scary Regin? Symantec responds...
FYI this isn't just going to target Windows, Linux and OS X fans
Privacy bods offer GOV SPY VICTIMS a FREE SPYWARE SNIFFER
Looks for gov malware that evades most antivirus
Home Office: Fancy flogging us some SECRET SPY GEAR?
If you do, tell NOBODY what it's for or how it works
HACKERS can DELETE SURVEILLANCE DVRS remotely – report
Hikvision devices wide open to hacking, claim securobods
'Regin': The 'New Stuxnet' spook-grade SOFTWARE WEAPON described
'A degree of technical competence rarely seen'
Syrian Electronic Army in news site 'hack' POP-UP MAYHEM
Gigya redirect exploit blamed for pop-rageous ploy
Astro-boffins start opening universe simulation data
Got a supercomputer? Want to simulate a universe? Here you go
prev story

Whitepapers

Free virtual appliance for wire data analytics
The ExtraHop Discovery Edition is a free virtual appliance will help you to discover the performance of your applications across the network, web, VDI, database, and storage tiers.
Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
How to determine if cloud backup is right for your servers
Two key factors, technical feasibility and TCO economics, that backup and IT operations managers should consider when assessing cloud backup.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Business security measures using SSL
Examines the major types of threats to information security that businesses face today and the techniques for mitigating those threats.