SoylentNews is people
SoylentNews
One or more hackers have been stealing celebrities' e-mail addresses, phone numbers, and other personal information by exploiting a bug on Instagram's servers, the company said Thursday.
Researchers from antivirus provider Kaspersky Lab said they recently spotted hackers in an underground forum advertising unnamed celebrities' personal details. In an e-mail, a Kaspersky Lab representative said the researchers privately reported a data-leaking bug to Instagram. The Kaspersky Lab researchers went on to say that exploiting the bug was "quite labor intensive" because each attack had to be done manually rather than using an automated script to bypass mathematical calculations Instagram performs to prevent abuse.
To exploit the bug, according to Kaspersky Lab, attackers used the outdated Instagram mobile app—specifically version 8.5.1, which was released last year—to select the password-reset option. To capture the request, the attackers sent it to a Web proxy rather than the real Instagram servers. The attackers then modified the captured request to substitute the username sent to the Web proxy with the username of targeted celebrities. The Instagram server would then send a JSON-formatted response that included the target's personal information. While the hackers used the outdated app to exploit the bug, the attack worked against all Instagram users, regardless of the app version they used.
A representative from the Facebook-owned photo-sharing service, meanwhile, said the exploited flaw resided in an Instagram programming interface. The representative said Instagram officials know of at least one person who actively exploited the bug.
According to Metro, this bug was also responsible for the hack into Selena Gomez's Instagram account earlier this week.
Instagram did note that no passwords were leaked as a result of this hack.
Sigh. Another day, another hack.
(Score: 4, Insightful) by Anonymous Coward on Friday September 01 2017, @04:57PM (3 children)
Please blackhats, continue your unrelenting assault! Until people truly understand why they shouldn't have their personal info in a centralized database we will never move forward. It is a shift in consciousness that is needed.
(Score: 3, Insightful) by Runaway1956 on Friday September 01 2017, @05:23PM (1 child)
Insightful because the public needs to do a little growing up. We, collectively, are just too damned immature to be trusted with crap like Facefuck, and devices that can upload senseless crap to Facefuck.
(Score: 1, Insightful) by Anonymous Coward on Friday September 01 2017, @08:03PM
Feels more like FaceHug than Facefuck, what with the alien creature laying eggs in your body.
You hear me Zuck? You're a fucking parasitic alien!!
(Score: 2) by hemocyanin on Friday September 01 2017, @09:09PM
Some businesses have a legitimate need to know your phone number: your doctor, your bank, the contractor you hired to fix your roof. A picture sharing site on the internet though? Anyone who provides that info to such a business is nuts.