According to TechCrunch, Social Captain’s blunder started when it was discovered to be storing the passwords of all its client’s Instagram accounts in unencrypted plaintext. This method of storage supposedly allows users of the company’s platform to view their username and password easily while connected to the platform. Unfortunately, a flaw on Social Captain’s website gave virtually anyone and everyone access to the users’ profile. All without having to properly log in, and by simply using the unique ID provided with each Social Captain account. As to the actual number of compromised accounts, a security researcher who had scraped Social Captain’s site found that out of 10000 users, approximately 4700 were complete with Instagram usernames and passwords. While the rest were just accounts containing a user’s name and their email address. Since its discovery, Social Captain has said that it has patched up the flaw, blocking direct access to user profiles. At the same time, Instagram is currently investigating the breach and has advised its users to update and change their passwords. (Source: TechCrunch)
