Photo by Amelia Holowaty Krales / The Verge
Instagram has a security flaw in the way it handles posts on accounts that have been set to private, BuzzFeed reported today. The report illustrates how a series of mouse clicks on any web browser can expose the persistent URL of private posts and stories cached on Facebook servers.
Anyone can use a web browser, like Google Chrome, to inspect the source code on a web page using the “Inspect Elements” tool. By tabbing over to the “Img” section of the Network header, you’re able to find the URL of any Instagram image you’ve clicked on, be it a disappearing story or a photo posted to a user’s feed. That URL can then be shared and the photo viewed by anyone, including people who do not follow the private account in question.