Instagram Security Issues - ThreatWire
Added 2020-08-18 18:05:08 +0000 UTC by Shannon Morse, ThreatWire
I’ve got two similar news stories to share about Instagram. First, Facebook, which owns Instagram, is facing a lawsuit in Redwood City, California, alleging it collected, stored, and profited from the biometric data of 100 million Instagram users without the users' knowledge or consent. A Facebook spokesperson said that this is a baseless claim and that Instagram doesn’t use face recognition technology, while the lawsuit complains that Facebook’s collection of biometric data violates state privacy laws, which could mean they’d have to pay out up to $5,000 per violation.
According to the lawsuit, Facebook didn’t start informing Instagram users of biometric collection until earlier this year. Just last month, Facebook offered to pay $650 million to settle a similar lawsuit about illegally collecting biometric data through the photo tagging tool on Facebook. While the two are similar, they are not the same case.
Instagram was also in the news this week due to its data retention. A security researcher found that Instagram was storing deleted photos and private messages long after the user had removed them, at least a year later. The researcher found these when they downloaded their data from the app and saw it included deleted photos and DMs. The issue was reported to Instagram in October of 2019 through the company’s bug bounty program, and Instagram awarded them $6,000 for finding the issue.
The researcher found this flaw by using the Download Your Data feature, which was launched in 2018 to comply with GDPR policies. While Instagram says it takes about 90 days to scrub data from their servers, this data was over a year old. The issue was fixed earlier this month with no signs of abuse.
Links:
YouTube video: https://youtu.be/PZti9Lmw7pg
Instagram:
https://threatpost.com/instagram-retained-deleted-user-data-despite-gdpr-rules/158366/
https://techcrunch.com/2020/08/13/instagram-delete-photos-messages-servers/