Instagram, the mobile photo-sharing network recently suffered a flaw in its image application, recently discovered by Spanish researcher Sebastián Guerrero. As described in the advisory published by Guerrero, there was a logical flaw in the authorization that he called ‘friendship vulnerability’.
Accordingly, an attacker can perpetrate a brute force attack in the context of user application and add himself as a friend of all the users on Instagram, being possible in this way to get access to private albums and profile information.
“We don’t have any evidence that this bug was taken advantage of at any other scale than very minimal experiments by a technical researcher. The technical researcher was not able to follow private users, nor were private users’ data ever at risk,” Explained Instagram’s bug fix notes.
Instagram was acquired by Facebook back in April, where the social networking giant paid a hefty price of $1 billion for the deal. Photo-sharing is something really important to Facebook, and this deal was a great in-move for its long term mobile strategy. Just last week, Instagram has received an update for the first time since Facebook snapped it up. The upgrade has been rolled out on both the iOS and Android versions of the application, which is now available as version 2.5 and 1.1.4.
The reported flaw in Instagram, if lasted for a long time, could have tarnished the Facebook’s image as it is already facing issues from some of its acquisitions. Earlier in June, Face.com, the Israel-based facial recognition maker, suffered a big security flaw in its functionality, resulting in hijacking of the Facebook and Twitter accounts of users. The popular Face.com mobile app KLIK that lets users tag faces in photos using Facebook allowed almost anyone to hack the Facebook and Twitter accounts of KLIK’s users.