Did you happen to download and install InstaAgent from the App Store recently? If you did and logged into the app with your Instagram password, your credentials have been compromised. The malicious app (developed by a “Turker Bayram” a month ago) was one of the top free apps in Canada and the U.K., and evidence has proven it harnessed user logins.
You can see the people who looked your Instagram profile !
InstaAgent application research your profile for the people who views your profile.
App analyses your followers actions with your profile then makes a list for you.
App can show you maximum 100 persons. This app sorts list order by view.
You must have an Instagram account to use this application.
This app tries to make most correct list for you.
The discovery was made by @PeppersoftDev David L-R (via MacRumors), who discovered usernames and passwords were being sent in clear text to a remote server. The app, titled “Who Viewed Your Profile – InstaAgent”, was also available on Google Play, and affected the latter’s users as well.
I would say "Who Viewed Your Profile – InstaAgent" is the first malware in the iOS Appstore that is downloaded half a million times.
— David Layer-Reiss (@PeppersoftDev) November 10, 2015
Google was quick to pull the app from Google Play earlier this afternoon, while Apple followed suit a couple hours later.
The major issue with this privacy breach is if your Instagram login and password is also used on other websites, you have a security SNAFU on hand. It’s probably best to delete InstaAgent, change your Instagram password and also any other sites that may use the same login. This is why it’s crucial nowadays to use a password manager like 1Password to create unique passwords for every site you login to nowadays.
Not sure how this made it past Apple’s strict App Store approval process, but those affected by this breach probably aren’t too happy right about InstaAgent right now.