July 2, 2020

Volume X, Number 184

July 02, 2020

Subscribe to Latest Legal News and Analysis

July 01, 2020

Subscribe to Latest Legal News and Analysis

June 30, 2020

Subscribe to Latest Legal News and Analysis

June 29, 2020

Subscribe to Latest Legal News and Analysis

Hyp3r-Misappropriation of Data Gets Instagram’s Attention, But is Enough Being Done?

Until recently, a security vulnerability in the social media platform Instagram, allowed Hyp3r to illicitly harvest millions of Instagram users’ data and track their locations.

In a similar manner to the Cambridge Analytica scandal that plagued Facebook following the 2016 US presidential election, this latest example of Hyp3r’s mass data collection was discovered through a journalistic investigation and was not uncovered by the social media platform.

Hyp3r used locations ‘tagged’ in the Instagram Story’s of users with public profiles as data points. When other users ‘tagged’ the Hyp3r-monitored locations, the platform would harvest that data. This information, along with data on user biographies, images, locations and interests, was compiled to generate detailed profiles. It is estimated that at least 1 million posts per month were processed by Hyp3r.

In response to Hyp3r’s activities, Instagram is launching a Data Abuse Bounty Program similar to the one operated for the Facebook platform. The program rewards external experts in the form of cash bounties, for spotting instances where users’ data is being misappropriated.

Not uncommon in the tech industry, bounty programs are one way that companies are attempting to probe their systems for flaws. The very existence of bounty programs perhaps suggests that these multi-billion dollar platforms do not have the internal capabilities to combat the defects in their own security systems. Coupled with the fact that not every platform will have the resources to host such reward-driven programs, it is not clear that such programs, which are reliant on external third party experts, are enough to combat the ever increasing number of actors seeking to misappropriate individuals’ personal information.

Copyright 2020 K & L GatesNational Law Review, Volume IX, Number 249


About this Author

Cameron Abbott, Technology, Attorney, Australia, corporate, KL Gates Law Firm

Mr. Abbott is a corporate lawyer who focuses on technology, telecommunications and broadcasting transactions. He assists corporations and vendors in managing their technology requirements and contracts, particularly large outsourcing and technology procurements issues including licensing terms for SAP and Oracle and major system integration transactions.

Mr. Abbott partners with his clients to ensure market leading solutions are implemented in to their businesses. He concentrates on managing and negotiating complex technology solutions, which...

Senior Attorney

Ms. Aggromito is a senior lawyer in the lawyer in the Melbourne commercial technology and sourcing team focusing on IT, privacy and data protection.