They discover how to impersonate any Instagram account

None application or computer program is free of vulnerations or some back door that allows the access of third parties who are too curious On this occasion the failure has relapsed on Instagram, the famous photographic filter social network, where have been discovered two methods of accessing the accounts of any user and performing various actions, being able to ruin any profile in a matter of minutes Something that will not be funny to any ordinary users or brands that use this social network for promotion and as ways ofsocial media

Discovery of the bug must be awarded to Nir Goldshlager, a hacker or security expert who, since the purchase of Instagram by Facebook over a year ago, has been tempted to study the possible vulnerabilities of this tool, as explained in the blog Break Security So, following your Instinct eventually discovered a bug related to the OAuth protocol, a channel that allows sharing information between two sites without the need to identify or share identity

In such a way, exploiting this feature, he has managed to access through Instagram.com to any user's account. However, this is not the worst. And it is that having access to anyone's account means the possibility of seeing all the private images of said user. In addition, it has also verified that through this vulnerability it is possible to delete the photos published through the account and even publish and share new ones Something that, in the wrong hands and with bad intentions can do a lot of damage.

The solution? For now none So far neither Instagram or Facebook seem to have fixed this vulnerability or issue, so delete user account would be the best option. Of course, such an act would lead to stop enjoying this toolAccording to Goldshlager, both companies are aware of these and other vulnerabilities, including Facebook Security, in charge of the security of its different companies, came to answer the hacker about these vulnerabilities. However, it seems that this problem has not yet been fixed, although they are most likely working on it. So far no application update has appeared available.

For those more knowledgeable, the failure of the OAuth protocol has two aspects. And it is possible to use your vulnerability directly through Instagram.com or through linkthat can be created with Facebook to publish the photos on this social network. However, it is necessary to have advanced knowledgeof programming and security to be able to access these tools without having the names and passwords of users, so it is hopefully this problem does not become generalized

In short, a new blow to the security and privacy of users Something that is repeated too often, especially in social networks where information is published relatively private and intimate For now we just have to wait forFacebook be in charge of placing the barriers necessary to avoid problems with Instagram