The lax privacy practices of the social media platform owned by Facebook let a third party access physical locations of millions of users and even secretly save their personal stories.
A breach of huge proportions
Just like its parent Facebook, Instagram has several privacy issues that the app has failed to address. It has some configuration errors on the app. The oversight on the app is also lax, despite the fact that Facebook has suffered the consequences of a privacy breach in recent months because of which it lost public repute. Even the company’s new cryptocurrency is being looked down upon due to its lack of privacy. Now Instagram has added another woe for the social media giant.
A San Francisco-based firm HYP3R, which was the app’s vetted advertising partner, openly violated the company’s rules. While Instagram called it a “preferred marketing partner” HYP3R went on to track the physical location of Instagram users. It even created detailed records of users which included their personal bios, pictures and even their stories.
Business Insider first leaked this report after which Instagram sent a cease and desist letter to the marketing firm. A spokesperson for the company said,
“HYP3R’s actions were not sanctioned and violate our policies. As a result, we’ve removed them from our platform. We’ve also made a product change that should help prevent other companies from scraping public location pages in this way.”
Facebook hasn’t learned its lessons
Over a year ago, the data of millions of Facebook users was exploited by a Cambridge Analytica, which led to a massive scandal and media trial of the company. Instagram has always operated as a separated app from the core Facebook app, but now, the problems in its infrastructure are becoming public. The sheer presence of actors who create extensively detailed records of users is a warning sign for the company.
The total volume of the breach isn’t clear it, but sources suggest that it contains data of hundreds of millions of users. It raises questions about the company’s due diligence in assessing and monitoring the conduct of its partners who have significant access to user data.
Meanwhile, HYP3R has denied violations of Instagram rules. It noted that it was justifiable and legitimate to use public scrap public data from open platforms and hopes that its problems with Instagram will soon be resolved.