It has been recently discovered that a third-party Instagram app called InstaAgent is stealing usernames and passwords of Instagram users. The third-party app promised to tell Instagram users who viewed their profile, but actually is saving their usernames and passwords in a plain text file.
David L-R, an iOS developer found this out in his perusal of its codebase. What is more disturbing is that he found that the app ships those credentials to an unknown server, meaning, someone is harvesting people's login details for unforeseen reasons.
It was when downloading "Who Viewed Your Profile - InstaAgent" that it was discovered the app is reading Instagram login details of users, and sent them to remote server instagram.zunamedia.com, reported MacRumors.
According to Phandroid, the reason is not important yet but the action causes much worry. After the discovery, Apple and Google pulled the app from their respective stores as it was one of the most popular downloads in its category.
For those who had previously used the app, all they can is to change their Instagram password. After which they have to apply the preventive measures of not trusting third-party apps, especially with passwords. An app that does not authenticate a user's account through its built-in authentication method is definitely not worth the trust.
Instagram and even other applications, does not allow third-party apps to upload images of user accounts. InstaAgent is not that popular in the United States, but in Canada and UK. Google Play shows it has 100,000 to 500,000 users, which could be the same for iOS.
There could still be many apps hiding themselves and clandestinely steal passwords. This Instagram third party app, InstaAgent password stealer just proves that even legit-looking apps can be dangerous. Users are only more cautious of malicious malwares but would trust legitimate applications.
Hence, it is important to play safe and ensure to protect personal information as securely as possible.