Instagram Flaw Exposed So-Called “Private” Photos

Instagram Flaw Exposed So-Called “Private” Photos
Image source: Pixabay

It’s apparently fixed now, but for six months, any Instagram photos you had set to “private” may have been exposed to the world, thanks to a major bug. Andy Greenberg of Forbes detailed the major flaw, which was revealed by Christian Lopez back in August of last year.

Play Quizzes 4

Instagram flaw detected

Lopez reportedly discovered a flaw which allowed hackers to secretly switch Instagram users’ privacy settings from private to public so they could take a peak. According to Greenberg, the company fixed that flaw as of Feb. 4, but still—it lasted for almost six months after Lopez reported it to Facebook Inc (NASDAQ:FB)’s security team.

London Value Investor Conference 2022: Chris Hohn On Making Money And Saving The World

business activist 1653311320Chris Hohn the founder and manager of TCI Fund Management was the star speaker at this year's London Value Investor Conference, which took place on May 19th. The investor has earned himself a reputation for being one of the world's most successful hedge fund managers over the past few decades. TCI, which stands for The Read More

The independent security researcher emphasized that Instagram did respond well to his information, and its parent company Facebook Inc (NASDAQ:FB) apparently paid him four figures under its bug bounty program. The social network regularly rewards researchers who uncover security flaws in its systems. However, he said he was surprised at how long it took the company to repair the problem.

How the Instagram hack worked

Greenberg reports that the hack made us of what’s called “cross-site forgery.” That technique utilizes a link which steals cookies from other sites which are stored by the user’s browser. So to hack into a user’s Instagram photos, hackers would have had to trick them into clicking on a link, like one in a phishing email or phishing message on Facebook. Users who clicked on the link and had previously logged into their Instagram from the Web at some point would unknowingly giving the hacker the ability to change their privacy settings. Mobile-only users of Instagram were not affected by this flaw.

Facebook Inc (NASDAQ:FB) reportedly pushed out an early fix for the problem just about a month after Lopez reported it. However, it did not correct the issue regarding cookies. Last month, Lopez reported that a change in the code on Instagram’s platform actually opened the bug yet again, so even those with new cookies may have fallen victim to hackers.

Updated on

Michelle Jones is editor-in-chief for and has been with the site since 2012. Previously, she was a television news producer for eight years. She produced the morning news programs for the NBC affiliates in Evansville, Indiana and Huntsville, Alabama and spent a short time at the CBS affiliate in Huntsville. She has experience as a writer and public relations expert for a wide variety of businesses. Email her at
Previous article Organovo On The Block As Hedge Fund Shorts Pile UP In 3D Printing
Next article Pressure Mounts To Return Fannie Mae, Freddie Mac To Owners

No posts to display