Instagram is arguably one of the most widely used third-party iPhone apps, and a security researcher has just exposed a flaw that could leave your account vulnerable to takeover. It appears as though the app doesn’t encrypt all of its information, instead sending some data over plain text. This data can be intercepted, and used to access your account.
If the hacker is on the same network as you, they can potentially intercept the plain text cookie that is sent between your phone and Instagram. From this, they can get into your account:
By using another tool to modify the headers of a web browser during transmission to Instagram’s servers, it is possible to then sign in as the victim and change the victim’s email address, resulting in a compromised account.
The information on this hack is coming to light as the man who discovered it, Carlos Reventlov, attempted to contact Instagram, but was only sent an automated reply. Thankfully, when news like this tends to hit the blogs, companies are usually pretty quick to fix them.