Skip to main content

Are you a legal professional? Visit our professional site

Search for legal issues
For help near (city, ZIP code or county)
Please enter a legal issue and/or a location

InstaAgent App Has Been Stealing Your Password

Article Placeholder Image
By Jonathan R. Tung, Esq. on November 17, 2015 5:59 AM

The smartphone app InstaAgent has been surreptitiously stealing user passwords. If you have this app, get ready to do some damage control. There's some good news, however: you're probably used to it by now.

Both Apple and Google have pulled the app from their stores after a series of developers descended onto the Internet and flagged it for copying user's personal information including their user names and passwords. The developer apologized for programming InstaAgent in this way and acknowledged it was not a good idea.

Innocuous Enough

App Developer Turker Bayram wrote and developed InstaAgent, which was billed as a program that would let users know who had viewed their Instagram profiles. Obviously, this app did rather well as people have been increasingly obsessed with seeking personal validation through social media. The app was also available for free, thus ensuring a high number of downloads.

Getting More Than You Didn't Pay For

Unfortunately, it didn't take long for other savvy developers to notice that there was more to the app than met the eye. On Tuesday last week, David Layer-Reiss, another developer, reposted a number of user complaints that revealed strong evidence that Bayram's app was actually hacking into peoples' user information. If one is to believe Bayram's statements, this was not done with any illicit intent: buggy programming was to blame.

Aw, Man -- More Passwords?

You guessed it: constantly changing passwords is the layman's final bastion of security against nasty rogue hackers who lurk in the umbra of the dark-web. That is, at least until a completely different security paradigm is found.

Bayram has assured the Internet that the program did not install and store people's information illicitly anywhere. But companies like Facebook weren't too sanguine with that comment and decided not to take any chances, suggesting that anyone who downloaded InstaAgent should delete the app and also change their password ... again.

One should always be careful of falling into the classic trap of "free," or being seduced by any service that would enable users to stroke their narcissism. Security consultant Alan Woodward said that "offering users an app to see who has viewed their profile is a classic way of scamming users into installing software." This latest episode reminds us that even if Bayram made this mistake in good faith, it's the dumb mistakes that can threaten your info.

Related Resources

Find a Lawyer

More Options