Instagram website was leaking user details for months

Image credit: Pixabay (Image credit: Image credit: Pixabay)

A security researcher has revealed that Instagram's website leaked user contact information, including phone numbers and email addresses, over a period of at least four months.

Data scientist and business consultant David Stier discovered that the source code for some of the social network's user profiles included the account holder's contact information whenever it loaded in a web browser. He notified Instagram regarding the issue shortly after he discovered it earlier this year.

The desktop version of the Instagram's website did now show user's contact information in their profiles but it was used by the photo-sharing site's app for communication.

According to Stier, the contact information for thousands of accounts was exposed and private individuals including some minors as well as businesses were affected. Cybercriminals could have easily scraped this data from Instagram's website to create an index filled with the contact details of thousands of the service's users.

Leaked contact information

Facebook said that it was investigating the issue this week but did not provide further details into its findings. 

This isn't the first time that data from Instagram was leaked online and the company is also investigating a database filled with user information left unsecured by a marketing company called Chtrbox.

Stier found evidence that user's phone numbers and emails had been in Instagram's source code since at least October by examining archived versions of Instagram profiles. He first reported the issue to the company in February and it was fixed in march.

Unfortunately, the contact information is still available on the Instagram app from users who opted into letting others contact them through the app. This is a bit better than including this sensitive data in the site's source code but not by much as hackers could use social engineering to obtain this information for themselves.

  • Protect your systems from the latest cyber threats with the best antivirus

Via CNET

Anthony Spadafora

After working with the TechRadar Pro team for the last several years, Anthony is now the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to the best way to cover your whole home or business with Wi-Fi. When not writing, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home.