By using an Instagram hack, security researchers have found that many of the world’s largest social networks are secretly recording and storing vast amounts of user data.
They discovered a new vulnerability in Instagram’s API, allowing attackers to access accounts’ sensitive data, including names, addresses, email addresses, photos and videos, in a way that could allow them to track and compromise users.
“We’ve identified two types of vulnerabilities that could lead to compromise of accounts, potentially exposing sensitive data,” the researchers wrote in a blog post published Monday.
Instagram said the bugs were discovered while working with its security team.
The Instagram hack is part of a wave of security flaws that have rocked the social network in recent months.
Facebook, Microsoft and Google are among the biggest players in the social media world, and the companies all have their own privacy policies and protocols for protecting users’ data.
In April, Instagram revealed a new security flaw that could make it possible for hackers to secretly spy on a user’s Instagram account and collect data from its followers.
Instagram, which allows users to post photos, videos and comments, says it encrypts and stores data on its servers and uses machine learning to filter out potentially offensive content and ads.
Facebook has said it has made significant improvements to its security practices, and it also has strict rules about how its services are used and disclosed.
Twitter said last week that it is working to improve its security measures.
“It’s not clear yet what the intent is of these new vulnerabilities,” the social networking company said.
Instagram has been a mainstay of the social world for years, but it has struggled to maintain a steady user base as it has tried to expand beyond the U.S. It has more than 2.3 billion users worldwide.
Facebook had about 11.6 billion active users as of March 31.
Instagram users in the U, UK, France, Germany, Japan and South Korea are all protected by different policies, according to the company.