Instagram might be an app you like. Or really like! Or maybe it’s even your favorite app. Maybe you’ve built a pretty respectable following and personality there… which is why this news should worry you. The app has a significant weakness that opens a window for would-be hackers to gain control of your account. Instagram and its parent company, Facebook, have known about the issue since 2012, but haven’t bothered to plug the hole, and it’s unclear when they’ll get around to it—if ever.
The key to the defect is that the Instagram app doesn’t encrypt some of the data it exchanges with the Instagram servers, allowing a third party to copy that information and use it to digitally imitate you. Once the exploit has been pulled off, the hacker can gain access to private account information, redirect account emails, and completely compromise your Instagram identity.
This type of attack is known as a “Man In The Middle” attack, because the hacker eavesdrops on the data being send back and forth between the user and the servers, tweaking or stealing data to accomplish their goal.
Thankfully, protecting yourself against such an attack isn’t terribly complicated. For starters, never connect to an unsecured public WiFi network, as that is one of the easiest ways for a potential hacker to begin sniffing your data. Using the app over your cellular network is generally considered to be safe, so if you’re away from your password-protected home Wi-Fi, opt for your 3G or 4G option as opposed to a random Wi-Fi network.
Paradoxically, Instagram’s mobile site is entirely encrypted, meaning that if you log in via your mobile browser instead of the official Instagram app, you’re actually more secure. It may not be as flashy as the app, but it’ll keep you a bit safer, which is the most important thing.
If this all sounds like a pretty serious issue, that’s because it is, and it’s honestly shocking that Facebook hasn’t taken action to make one of the most popular apps in the world more secure. Since the vulnerability was first made public nearly two years ago, Facebook has maintained that a fix is on the to-do list, but apparently it’s a low priority.
