A big Instagram security flaw allows people to share other users’ private posts and stories using only a web browser…
There’s huge problem with the way Instagram handles accounts set to private. A recent report demonstrates how easy it is to bypass the social site’s security applications.
Private Instagram Posts and Stories can Easily be Publicly Shared with just a Web Browser
Basically, all that’s needed is a few mouse clicks through any web browser. This can expose the persistent URL of private posts and stories residing on Facebook’s servers.
Just by going into “Inspect Elements,” and pinpointing the “img” section in the Network header will reveal the URL. People can then share those URLs, essentially making private content public on a whim.
What’s more, it’s also possible to retrieve images from Facebook servers even if the posts have been deleted. The workaround appears to function for both photos and stories, which supposedly automatically disappear after 24 hours.
Instagram tells The Verge the following:
“The behavior described here is the same as taking a screenshot of a friend’s photo on Facebook and Instagram and sharing it with other people. It doesn’t give people access to a person’s private account.”