MILLIONS of Instagram have had their photos, videos and locations secretly downloaded by strangers.
The so-called “breach” was part of a systematic bid to “build up detailed profiles of people’s movements and interests” – and there’s no way to know if you were affected.
Worryingly, content downloaded included Instagram Stories – which are supposed to vanish after 24 hours.
But marketing firm Hyp3r made copies of “millions of posts every month”, according to an investigation by Business Insider.
The pics, clips and location data was all taken in violation of Instagram rules.
However, Instagram has been accused of not doing enough to protect user info in the first place.
Hyp3r is a marketing company that tracks your social posts tagged to locations.
Customers can then use this data to target you with relevant ads.
“Someone who visits a hotel and posts a selfie there might later be targeted with pitches from one of the hotel’s competitors,” Business Insider explained.
The firm is described as “taking advantage of an Instagram securtity lapse”.
This allowed Hyp3r to target specific locations and then suck up all of the public posts from those places.
Content sucked up included photos and videos posted to Instagram Stories.
These posts are designed to vanish after 24 hours, but Hyp3r downloaded permanent versions of them.
It also “scraped” public user profiles widely across Instagram.
This included your bio info and details of your followers, which could then be combined with other location info.
Hyp3r even applied image-recognition tech to the posts, which automatically detects what’s featured in an image.
“Hyp3r’s actions were not sanctioned and violate our policies,” said Instagram, in a statement given to The Sun.
“As a result, we’ve removed them from our platform.
“We’ve also made a product change that should help prevent other companies from scraping public location pages in this way.”
It’s worth noting that all of the data “scraped” by Hyp3r was public, not private.
And Instagram has now fixed the app so that it’s impossible to download location data in this way any more.
Instagram is also working to block non-authentic engagement and activity across the app.
In a statement, Hyp3r CEO Carlos Garcia said: “Hyp3r is, and has always been, a company that enables authentic, delightful marketing that is compliant with consumer privacy regulations and social network Terms of Services.
“We do not view any content or information that cannot be accessed publicly by anyone online.”
Instagram – the key facts
Here’s what you need to know…
- Instagram is a social network for sharing photos and videos
- It was created back in October 2010 as an iPhone-exclusive app
- A separate version for Android devices was released 18 months later
- The app rose to popularity thanks to its filters system, which lets you quickly edit your photos with cool effects
- When it first launched, users could only post square 1:1 ratio images, but that rule was changed in 2015
- In 2012, Facebook bought Instagram for $1billion in cash and stock
- In 2018, some analysts believe the app is worth closer to $100billion
- In October 2015, Instagram confirmed that more than 40billion photos had been uploaded to the app
- And in 2018, Instagram revealed that more than a billion people were using the app every month
How to stay safe from Instagram scraping
We already know that Instagram has fixed one of the key ways Hyp3r was scooping up locations en masse.
But the best thing you can do is to simply set your profile to ‘private’.
This hugely limits the amount of data a stranger can nab from your account.
It’s also a great reminder of how you should limit the scope of personal info you upload online.
Using photos, videos and locations, it’s possible for crooks or stalkers to build up an accurate picture of your life and movements.
This presents a very real danger to your safety, so be very careful every time you upload anything to the internet.
If someone has downloaded your data, even you deleting it from your profile won’t remove their copy.
Speaking to The Sun, KnowBe4 cyber-expert Javvad Maliik said: “This oversight highlights, once again, the importance of protecting customer data.
“It also shows that user data is never safe from cyber-attacks, even on trusted and well-established platforms like Instagram.
“The matter isn’t so much that Hyp3r was able to scrape this data, but rather the fact that a loophole existed within Instagram that allowed collection of data in the first place.
“Hyp3r may have been one of many companies collecting data in this way and Instagram must carefully consider all its security controls, ranging from the technical tools to processes.
He added: “All too often we see processes being bypassed, all at the cost of security.”
MOST READ IN TECH
GTA 6 release date leaked – and may be out in time for new PlayStation and Xbox
Google warns BILLIONS of passwords have been hacked – how to check yours now
Puzzled Flat-Earthers left raging after Nasa astronaut posts photo from the ISS
How to read DELETED WhatsApp messages on your iPhone or Android
Apple could be FORCED to change your iPhone charging cable again under EU ruling
JACK THE FLIPPER
Killer whales massacre sharks by squeezing them ‘like tubes of toothpaste’
Instagram and sister brand WhatsApp are about to change their names.
In other WhatsApp news, don’t click the text offering you 1,000GB of free internet.
And experts recently warned that using full stops on WhatsApp makes people think you’re rude.
Do you trust Instagram to protect your privacy? Let us know in the comments!
- Google Photos bug shared some users’ private videos with strangers
- TikTok ‘copies Instagram’ with new design that’s VERY similar to its rival’s look
- Google admits it sent users' private videos to strangers
- Kirk Douglas' last family photo: Late actor is seen sitting proudly among four generations while dining at son Michael's home... as tributes pour in for the star after his death aged 103
- TikTok testing profile redesigns similar to Instagram
- TikTok Testing Instagram-Like App Redesign: Facebook to Taste Its Own Medicine?
- New Facebook tool lets parents see who their child is chatting to on the Messenger app and what photos and videos they are sharing
- Google says it accidentally exported users' videos in Google Photos to strangers
- Ever Record a Video on Facebook? Facebook Still Has It.
- ‘I was raped at 14, and the video ended up on a porn site’
- The calmer, more private version of Instagram that Facebook killed
- From selfies to belfies and everything in between, 10 years of troubling Instagram body type fads
- Google Photos sent users’ private videos to total STRANGERS in major privacy blunder
- Google admits it sent private videos in Google Photos to strangers
- Jack Fincham's hints about secret baby as he prepared for 'new responsibility' as a dad
- The best Android apps (January 2020)
- The Iowa caucus debacle shows why tech and voting don’t mix
- ‘Fitbit for your period’: the rise of fertility tracking
- Tinder will look quaint beside the future of digital dating
- Kalki Koechlin and Guy Hershberg welcome baby girl
Shock Instagram blunder let strangers secretly download your photos, videos and location – and ‘millions of users’ affected have 1227 words, post on www.thesun.co.uk at August 8, 2019. This is cached page on TechNews. If you want remove this page, please contact us.