Instagram FLASHED YOUR PRIVATES to picture pervs

Pic-propagation-p0wnage possibility plugged

4 Reg comments Got Tips?

Instagram has plugged a flaw that allowed private pictures to be seen by anyone, under certain conditions.

The flaw, reported by Quartz and since closed, meant all photos from formerly public accounts later marked private remained open.

Photos on other social networks shared through Instagram could also be accessed, as the flaw exposed images' URLs.

Instagram told the publication it updated the selfie shop so that all non-shared photos under private accounts were out of the hands of creeps.

"In response to feedback, we made an update so that if people change their profile from public to private, web links that are not shared on other services are only viewable to their followers on Instagram," the company said in a statement.

The impact of the flaw would be limited, this author contends, since users running public accounts - the default setting - would most likely not be uploading sensitive pics.

The danger lay in instances where users mistakenly shared private images and switched to private mode, trusting that to be sufficient to lock down pictures.

Perverts would still need the precise and obscured URL of targeted sensitive photos but a non-targeted and scatter-gun approach could work by running bash scripts to enumerate URLs and siphon photos off the site.

Loading URLs for sensitive public photos in Instagram's Android and iOS apps generated errors. ®


Biting the hand that feeds IT © 1998–2020