A security breach occurred on March 12, 2019 on the Instagram website that redirected me to be logged into another person’s Instagram account with full access, no password input, automatically. I do not know how this happened. I do not know why this happened. This is clearly a serious security issue on Instagram’s side. There are screenshots with notations.
The morning started out like normal, with a lengthy TDL (to-do list). In the process of normal website maintenance, a search was made to find any dead links. In reading the report, one of the links reported with a 404 (not found) error was for the Heritage Forensics Instagram account. Out of curiosity I clicked on the link to see why it was a 404. This was all done on a computer browser.
When I clicked on it, it took me to the Instagram website and the 404 page. Instead of seeing “Log in” in the upper right corner, there was an account name. Not mine, but an account name. It was “sarabaldwin4979”. There was no logout link. I clicked on the account name, out of sheer curiosity, and it took me into this person’s profile. From the screenshot you can see where it says “Edit Profile”.
Things to consider here:
(1) I do not know who this person is.
(2) I have no idea what the password is, nor did I input any password.
(3) Instagram has granted me full access into another person’s account, randomly.
This is clearly a serious security issue with Instagram.
This does not make me feel positive, nor safe about using Instagram! Changing or having a complex password does not do any good if this sort of thing happens! To note again, I did not ever put in any password nor was I asked for a password.
Are you concerned, yet? Because I am very concerned. The Instagram account for Heritage Forensics is a business account, as all the social media accounts are.
Is Facebook Responsible?
Instagram was acquired by Facebook for $1 billion in 2012.
This happens in the wake of Facebook’s announcement to merge the messaging systems for Facebook, WhatsApp, and Instagram on January 30, 2019. It was also reported earlier this month that Facebook’s CEO, Mark Zuckerberg, wrote a 3,200-word blog post about the changing and increasing security options for its 1.5 billion active users that would include encryption.
(If you’re curious, you can read the blog post here: https://www.facebook.com/notes/mark-zuckerberg/a-privacy-focused-vision-for-social-networking/10156700570096634/)
While Facebook is attempting to address the Cambridge Analytica scandal of 2018, which impacted more than 87 million users by allowing personal data to be harvested without their consent for political purposes, somebody somewhere seems to be slipping on the security once again.
In 2018, an untold number, thousands to millions, of Instagram users were subjected to a security breach by hackers. It was known that up to 50 million Facebook users had their passwords hacked also.
This seems to be a recurring problem. Facebook should focus more on the prevalent problem that plagues online users everywhere: password hacking.
Browser Redirect
But what happened in this case, in my own experience, was a browser redirect. There was no password hacking involved.
To the user sarabaldwin4979, I did nothing to your account. I backed out of it without doing any harm. I’m sorry that I can’t tell you to change your password, because I never put it in.
As for Heritage Forensics
The Heritage Forensics Instagram account is fine; I did check it with my phone. As it turns out, I had a typo in the link that caused the 404 error which led to this experience in the twilight zone.
In the end, when things like this happen, there is no password in the world that is safe because it doesn’t matter when the website drops you in a place you’re not supposed to be.
Screenshots of the event are below.