But Wineberg carried on probing for more weaknesses in Instagram’s architecture. He said he’d found a server configuration file that contained some keys for Amazon Web Services, the cloud computing provider used to host Instagram’s Sensu setup. Those keys let him see that there were 82 different “buckets” – Amazon’s term for digital storage units. The same keys, however, did not allow him to access any of the buckets apart from one. He looked through the latest file in that bucket and found nothing sensitive, but when he looked at an older version of the file, hidden within was yet another Amazon set of keys. These gave him access to all 82 buckets.
He was shocked by the basic errors Instagram had made. “It’s the kind of thing I would have expected from a startup after a year or less, not a company owned by Facebook,” he told FORBES. (Forbes)
Facebook is enraged by this breach (and rightfully so), although it makes me wonder why Instagram has yet to implement 2-Step Login (aka 2-Factor Authentication) as another layer of protection for the 400 million plus users accessing the site.
I love Instagram (I am @Darnell over there) but if they do not care about the security of their users then why should they upload photos and videos to the site‽
If you ask me, it’s time for a friendly Facebook intervention by Zuck & crew into the instaverse lest our Instagram accounts get seized by a black hat hacker!
Image Credits: Instagram & SecurEnvoy