Yet another reminder to never reuse the same password across multiple accounts, no matter how convenient it is.

Social media boosting service Social Captain recently exposed thousands of Instagram passwords. A website bug allowed open access to any user profile within Social Captain without the need to log in. Anyone could simply plug a user’s unique account ID into the company’s web address, and that would grant them access to that user’s Social Captain account and their Instagram login credentials.
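The flaw described above is a missing authorization check on an object reference taken from the URL. The sketch below is an added example, not Social Captain's code: it puts that pattern next to a hardened handler and runs a small regression audit over both. All account names, session tokens and stored values are constructed, and the function and field names are assumptions.

```python
# Added illustration: every name and value here is constructed.
from dataclasses import dataclass, asdict

@dataclass
class Account:
    account_id: int
    display_name: str
    linked_instagram_user: str
    linked_instagram_password: str  # held in retrievable form

ACCOUNTS = {
    101: Account(101, "alice", "alice_ig", "constructed-secret-1"),
    102: Account(102, "bob", "bob_ig", "constructed-secret-2"),
}
SESSIONS = {"sess-alice": 101, "sess-bob": 102}  # session token -> account ID

def get_profile_vulnerable(requested_id, session_token=None):
    """Flawed pattern: trusts the ID from the URL and never checks the session."""
    acct = ACCOUNTS.get(requested_id)
    return (200, asdict(acct)) if acct else (404, {})

def get_profile_hardened(requested_id, session_token=None):
    """Requires a session, serves only the caller's own record, omits the secret."""
    owner_id = SESSIONS.get(session_token)
    if owner_id is None:
        return 401, {}
    if owner_id != requested_id or requested_id not in ACCOUNTS:
        return 404, {}  # same answer for foreign and unknown IDs
    body = asdict(ACCOUNTS[requested_id])
    body.pop("linked_instagram_password")  # never returned to any client
    return 200, body

def audit(handler):
    """Authorization regression check: try every caller against every account ID.
    A finding is a 200 served to a non-owner, or any 200 carrying the password."""
    findings = []
    for token in [None, *SESSIONS]:
        for target in ACCOUNTS:
            status, body = handler(target, token)
            not_owner = SESSIONS.get(token) != target
            if status == 200 and (not_owner or "linked_instagram_password" in body):
                findings.append((token, target))
    return findings

if __name__ == "__main__":
    print("vulnerable:", audit(get_profile_vulnerable))
    print("hardened:  ", audit(get_profile_hardened))
```

An audit of this shape, run against a real route table in a test suite, catches a handler that ships without an ownership check before it reaches production.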

According to Adam Brown, security solutions manager at Synopsys Software Integrity Group: “Design flaws are the cause of approximately 50% of all software vulnerabilities. They are seldom detected without performing a design review, as this activity requires select expertise. That said, in this case a penetration test should have easily identified the flaw.

This is especially bad for affected users not just because their Instagram passwords are now breached, but also due to the fact that people commonly reuse passwords which could lead to, by extension, unauthorized access of additional accounts.”

Another expert, Tony Jarvis, CTO at Check Point Software Technologies (Asia Pacific), said: “What we see here is yet another example of how integrating one type of user account into another service introduces an additional source of potential risk. With each service that has access to a user’s login details, a vulnerability in any of those platforms could lead to an account being compromised or details being exposed.

It is always prudent to consider who you are entrusting your login credentials to and the potential consequences should a breach occur. In this case, users of the service would be best advised to immediately change passwords for not only the affected account, but any other accounts sharing the same password. Be on the lookout for emails that may use the leaked data to craft more convincing phishing attacks, and monitor communications from such providers as they provide updates to customers following any such incidents.”

This is a continually developing story. Stay tuned while more experts chip in with their insights.
