Michael Wagner hadn’t paid Instagram much attentions since opening his account in 2010. He’d never posted a selfie or documented his brunch conquests. The San Francisco-based man had never chosen between Toaster or X Pro II. But when friends persuaded him to give the Facebook-owned photo-sharing app another shot a few weeks ago, he opened his account to discover someone else had been busy posting pictures on it.
That someone was a high-school girl with over 500 followers and hundreds of photos, seemingly oblivious to the fact that she had poached Wagner’s profile.
According to Mashable, Wagner reported the problem to Instagram, but over the next week, he still had access to the account. He changed the password, but it didn’t kick the girl off, since users keep their access if they were already using the app when it was changed. Instagram reported that they are now aware of the bug and working to fix it, but told Mashable the problem is “rare” and did not provide details about the patch.
The Daily Dot asked Instagram for more details about the bug but have yet to hear back. It appears that the problem started when the girl signed up for Instagram using the same email address as Wagner, though normally when people try to sign up for an account with an email account already in use, they aren’t able to piggyback on to a pre-existing account.
While Wagner was diligent in reporting the issue and didn’t meddle with the girl’s account, he could have easily gotten up to some major mischief. Instagram allows users to send private messages to one another, so if he was a less honorable sort, Wagner could’ve gained access to messages only meant for one person. He also could’ve posted comments and photos as though he was the (unidentified) teen.
This may very well be a rare occurrence, the fact that it happened at all underlines that even major social networks can have troubling gaps in their security. Many services offer two-step authentication to prevent something like this from happening (including Facebook). Looks like Instagram should think about bulking up its verification process.
H/T Mashable | Illustration via Fernando Alfonso III