A bug shares private Instagram posts and Instagram Stories

A new security breach triggers alarms in the Instagram application. And it has to do with the ephemeral videos or 'Stories' that we create and see every day. Apparently it is a problem that originates in the configuration of accounts that are private and their management of messages and Stories. With just a couple of mouse clicks in any web browser (the problem is not if you use Chrome, Firefox or Chromium) you can expose the private URLs of messages and Stories, stored on Facebook's servers.Let's remember that Instagram belongs to the emporium of Mark Zuckerberg, who is also the owner of WhatsApp.

Your private photos, visible to all

In this way, any user, through a simple web browser, can inspect the code of which a page is composed through the specific tools that these browsers offer. In the 'Img' section of the header called 'Network', when clicking on 'Inspect', the URL of the displayed image appears, whether it is a public photo ( so there would be no problem about it) or an ephemeral history. Said URL can be shared and viewed at any time with any Internet user, even if the account from which said ephemeral image or video comes is private.

The Verge has confirmed that this procedure, although it can be a bit laborious and tedious, can be carried out even by people who do not have too many hacker resources.By reloading a private account and loading the 'IMG' section in the web element inspection, they were able to verify that the URL was correct and that it could be shared for the rest of the world to see. And we must remember that they tested it with a totally private account. They verified, however, that this was not an Instagram configuration (that a user could find the URLs of their photos and videos in their own private account) and, indeed, anyone could perform this same action. You who are reading us can do it too. If your account is public, logically, this does not affect you. But be careful if you have your account locked because Instagram is not managing their privacy very well.

According to Facebook, this is not a problem

In addition, if you've had a private conversation with someone who has a locked account, you can also access their profile picture, although for this we must have access to your account, your timeline of photos and your Stories.This undoubtedly calls into question the effectiveness of Instagram engineers and developers. Facebook has not taken too long to respond to this security problem. In the social network's own words, this search behavior for the URL of a private photo is not far from the action of taking a screenshot. The company has not detected any abusive movement in relation to Instagram. A Facebook spokesperson said:

« The behavior described here is the same as taking a screenshot of a friend's photo on Facebook and Instagram and sharing it with other people. Does not give people access to a person's private account »

At the moment, from what we've seen, we can't do anything to avoid, if we have a private account, someone sharing our photos with third parties .