Instagram patches flaw leaking private images

Your private Instagrams weren’t as private as you thought they were

Instagram has patched a flaw that allowed private pictures to be visible to other people under certain conditions. The flaw allowed all photos from formerly public accounts that were later marked private to remain open and viewable to the public.

Quartz conducted tests which showed that any photograph posted to Instagram when a user’s account is set to public—the default setting—would remain publicly viewable on the web, even if the user made her account private.

The flaw also affected photos that were shared through Instagram to other social media sites, because the image’s URL was exposed.

Flaw patched

The flaw was first reported by Quartz and has now been formally patched.

“This is not an area where we have received feedback or concerns from the community but will continue to revisit,” a spokesperson for Instagram initially told Quartz in an emailed statement on Jan. 8. “If you choose to share a specific piece of content from your account publicly, that link remains public but the account itself is still private.”

“In response to feedback, we made an update so that if people change their profile from public to private, web links that are not shared on other services are only viewable to their followers on Instagram,” the company said in a statement.

The actual impact, though, is not expected to be too grave, since users running private accounts would have their settings such that they do not upload sensitive pictures. The danger lay in instances where users mistakenly shared private images and then switched to private mode, trusting that to be sufficient to lock down the pictures.

However, to exploit this particular flaw, an individual would need the precise URL to access sensitive images.

1 COMMENT

  1. Hello.
    Actually, this made photos UNLISTED, not private.
    I liked this flaw. I could put some private pictures into the Wayback Machine as proof.
    And I could open a CDN on Instagram, which was much easier than DirectUpload, which does not even work. They do not even send me some data with E-Mail, that I type in.
    However, I was able to make a private account, and use it as CDN.
    I hope that Quartz will be cursed forever for their death-sentenced inquiries.
    That’s why I actually hate patches. I can show off in front of my classmates, until they PATCH. I hate patches in general.
