This 3rd Party Instagram App Has Been Stealing Your Credentials
Nov 12, 2015
Gannon Burgett
Gannon Burgett is a communications professional with over a decade of experience in content strategy, editing, marketing, multimedia content creation. He’s photographed and written content seen across hundreds of millions of pageviews. In addition to his communications work for various entities and publications, Gannon also runs his multimedia marketing agency, Ekleptik Media, where he brings his expertise as a full-stack creator to help develop and execute data-driven content strategies. His writing, photos, and videos have appeared in USA Today, Car and Driver, Road & Track, Autoweek, Popular Mechanics, TechCrunch, Gizmodo, Digital Trends, DPReview, PetaPixel, Imaging Resource, Lifewire, Yahoo News, Detroit Free Press, Lansing State Journal, and more.
Share:
If you’ve downloaded InstaAgent, an iOS and Android app designed to let you see who’s viewed your Instagram profile, you might want to delete it from your smartphone. According to a new report, the app – whose full name is ‘Who Viewed Your Profile – InstaAgent’ – is not only storing usernames and passwords in plaintext and sending them to a remote server, but also using those very credentials to log in and post unwanted images to users’ profiles.
InstaAgent has since been removed from both the Google Play Store and iOS App Store, but so long as it’s on your phone, it can still send your information.
The exploit, first discovered by app developer Peppersoft, takes your Instagram login information and sends it via non-encrypted text to a remote server called instagram.zunamedia.com. While it’s not clear what all is done with that information, it appears InstaAgent then uses those credentials to log into accounts and post unauthorized images, a means of getting around Instagram’s restriction from letting third-party apps from uploading media.
https://twitter.com/PeppersoftDev/status/664130920266493953
For anyone who has downloaded the app, either on iOS or Android smartphones, it’s highly suggested you delete the app and change all passwords associated with your Instagram login.
https://twitter.com/PeppersoftDev/status/664116449666048000
Download numbers aren’t 100% known, but from the looks of it, it appears InstaAgent could’ve amassed over one million downloads in total, split almost 50/50 between iOS and Android.
https://twitter.com/PeppersoftDev/status/664071915678654464?ref_src=twsrc%5Etfw
Turker Bayram, the man behind InstaAgent has since refuted reports that accounts were compromised and apologized via the company’s main url, stating he has made ‘a terrible mistake’ and that ‘your password [were] never saved [to] unauthorized servers.’
Did you or do you have InstaAgent on your phone? If so, have you experienced any unauthorized posts on your account? Let us know in the comments below.
[via MacRumors]
Gannon Burgett
Gannon Burgett is a communications professional with over a decade of experience in content strategy, editing, marketing, multimedia content creation. He’s photographed and written content seen across hundreds of millions of pageviews. In addition to his communications work for various entities and publications, Gannon also runs his multimedia marketing agency, Ekleptik Media, where he brings his expertise as a full-stack creator to help develop and execute data-driven content strategies. His writing, photos, and videos have appeared in USA Today, Car and Driver, Road & Track, Autoweek, Popular Mechanics, TechCrunch, Gizmodo, Digital Trends, DPReview, PetaPixel, Imaging Resource, Lifewire, Yahoo News, Detroit Free Press, Lansing State Journal, and more.
Related Posts
Android 11 will restrict third-party camera app access to stop them stealing location data
Instagram adds new features; integrates 3rd-party apps including GoPro and Spotify
Instagram Lays Down the Banhammer on 3rd Party Apps, Minimizes API Access
Instagram is combating fake photos with 3rd party fact-checkers
Join the Discussion
DIYP Comment Policy
Be nice, be on-topic, no personal information or flames.