Stories
Slash Boxes
Comments

SoylentNews is people

Instagram Website Leaked Phone Numbers and Emails for Months, Researcher Says

posted by Fnord666 on Thursday May 23 2019, @08:20AM   Printer-friendly
from the so-many-leaks-so-little-time dept.

martyb writes:

Instagram Website Leaked Phone Numbers and Emails for Months, Researcher Says:

Instagram's website leaked user contact information, including phone numbers and email addresses, over a period of at least four months, a researcher says.

The source code for some Instagram user profiles included the account holder's contact information whenever it loaded in a web browser, says David Stier, a data scientist and business consultant, who notified Instagram shortly after he discovered the problem earlier this year. The contact information wasn't displayed on the account holder's profiles on the desktop version of the Instagram website, although it was used by the photo-sharing site's app for communication. It isn't clear why the information was included in the website's source code.

The exposure appeared to include contact information for thousands of accounts, which belonged to private individuals -- some of whom were minors -- along with businesses and brands, Stier said. Including the information in the source code could let hackers scrape the data from the Instagram website, allowing them to assemble a virtual phone book that lists the contact details of thousands of Instagram users.

Pictures, or it didn't happen! Oh, wait./

Original Submission

 
This discussion has been archived. No new comments can be posted.
Instagram Website Leaked Phone Numbers and Emails for Months, Researcher Says | Log In/Create an Account | Top | 20 comments | Search Discussion
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

  • (Score: 2) by RS3 on Thursday May 23 2019, @02:08PM (4 children)

    by RS3 (6367) on Thursday May 23 2019, @02:08PM (#846645)

    I have a "smart phone"... oh, you assumed I use it as a phone? Not so! I don't trust it. I just use it as a tiny tablet, and even then no password-protected websites or any other important personal stuff in/on it.

    Once I put my SIM card in it and the texting app is much better than the phone I normally use, but I do very little texting (much too slow a communication method). I was too worried about apps getting my number, contacts, etc.

    It's running Android 5.something. When you install apps the Android installer will tell you which resources the app wants access to. I've cancelled many app installations because of the things they wanted access to- stuff that's 100% unrelated to what I believe the app should need.

    I haven't had my hands on Android 6 or higher, but with 6+ I believe you can limit what resources an app has access to. 6 or higher is not natively available for this phone. I have an older LineageOS for it but not sure if it's worth the time and effort...

    There are many websites that are only accessible through their app. I wonder why?

    Starting Score:    1  point
    Karma-Bonus Modifier   +1  
    Total Score:   2  

  • (Score: 1) by Chocolate on Thursday May 23 2019, @03:07PM (2 children)

    by Chocolate (8044) on Thursday May 23 2019, @03:07PM (#846659) Journal

    Yes, with Android 7.0 you can deny specific permissions to some apps but not internet access. The UI hides the Internet permissions under a menu option on a screen which looks like it shows all permissions but doesn't. It's very sad that Google has gone downhill like this.

    A while back I read that their theory is that permissions shouldn't be blocked cause then apps might break. With no net or no GPS. Yes. Seriously. So apps won't work in flight mode? What about fake data?

    Meanwhile in the real world billions of people are lugging around a computer in their pocket that has no firewall and little in the way of protection. Oh No's! Can't give users access to their device! Who knows what they might do?

    What will it take for our mobile devices to be treated as seriously as our desktop machines?

    --
    Bit-choco-coin anyone?

    • (Score: 2) by RS3 on Thursday May 23 2019, @04:15PM (1 child)

      by RS3 (6367) on Thursday May 23 2019, @04:15PM (#846689)

      Thanks for the info and excellent points. Quite similar to MS's philosophy- make it cool, advertise, run when the streams cross. I never quite felt good about google from the start. Can't put my finger on it- subtleties and intuition.

      For me, critical is a removable storage medium. My first action, when I'm concerned about someone's machine, is to pull the HD, plug it in to a known clean computer as slave, and scan it, sector-level if needed. That I can't remove a computing device's storage medium means I will never trust it. Time to build my own!

      • (Score: 1) by Chocolate on Friday May 24 2019, @03:14AM

        by Chocolate (8044) on Friday May 24 2019, @03:14AM (#846924) Journal

        Nfi what I'll do if this phone has issues like the last one cause it had to have the battery pulled out n charged with a standalone charged which worked fine and two batteries means a quick swap and on the way for hours not plugged in for half the day. Yes half the day. So just waiting for it to hopefully not die.

        I hope the day is coming where we can once again buy a phone with features we need

        --
        Bit-choco-coin anyone?

  • (Score: 1) by Chocolate on Thursday May 23 2019, @03:13PM

    by Chocolate (8044) on Thursday May 23 2019, @03:13PM (#846660) Journal

    I play games and do fun stuff on my cheap 10" tablet. With only WiFi what can they steals? Right.

    As of Android 7, Google Play Services can't be disabled or stopped. If it causes issues you are screwed unless the phone is rooted. As a bonus the battery on this phone can't be easily removed without device surgery.

    Worried yet?

    --
    Bit-choco-coin anyone?