If You Downloaded ‘InstaAgent’, Change your Instagram Password Now

Did you happen to download and install InstaAgent from the App Store recently? If you did and logged into the app with your Instagram password, your credentials have been compromised. The malicious app (developed by a “Turker Bayram” a month ago) was one of the top free apps in Canada and the U.K., and evidence has proven it harvested user logins.

Description
You can see the people who looked your Instagram profile !

InstaAgent application research your profile for the people who views your profile.
App analyses your followers actions with your profile then makes a list for you.

App can show you maximum 100 persons. This app sorts list order by view.

Note:
You must have an Instagram account to use this application.
This app tries to make most correct list for you.


The discovery was made by @PeppersoftDev David L-R (via MacRumors), who discovered usernames and passwords were being sent in clear text to a remote server. The app, titled “Who Viewed Your Profile – InstaAgent”, was also available on Google Play, and affected the latter’s users as well.

https://twitter.com/PeppersoftDev/status/664071915678654464

Google was quick to pull the app from Google Play earlier this afternoon, while Apple followed suit a couple hours later.

The major issue with this privacy breach is that if your Instagram login and password are also used on other websites, you have a security SNAFU on hand. It’s probably best to delete InstaAgent, change your Instagram password and also change the password on any other sites that may use the same login. This is why it’s crucial nowadays to use a password manager like 1Password to create unique passwords for every site you log in to.

Not sure how this made it past Apple’s strict App Store approval process, but those affected by this breach probably aren’t too happy about InstaAgent right now.

Stefan
10 years ago

I don’t think this app is malicious on purpose. No developer/hacker would send that kind of information over the wire unencrypted. It just does not add up. If this was a truly malicious app, the developer would hide the fact that he/she is stealing passwords better. I am thinking that he/she is using some kind of web service that is doing the logging for her/him, and with being an inexperienced developer, he/she sends the logging data in plain text.

Maybe I am wrong, but this is the only way it adds up in my opinion.

John
Reply to  Stefan
10 years ago

I wonder whether the app actually worked, accurately creating a list of profile viewers, and for whatever reason the dev failed to encrypt usernames and passwords, or if the login information was used to skim the friends list, create a fake list of profile views to facilitate sharing the app with others, and then fail at masking the malicious intent?

Maybe they just didn’t think it would be necessary to use encryption? No need to protect it if you are stealing it.

Stefan
Reply to  John
10 years ago

I agree about the first point. I think that app never actually did what it said it does. About encryption, it is not about protection of the data being stolen. It is about hiding what you have stolen. What they did is rob a bank and then walk down the street with bags of cash. That just does not make sense to me. Even the stupidest bank robber would not do something like that.
