A security flaw makes it extremely easy for anybody to view posts of private accounts on Facebook-owned Instagram. A series of mouse clicks on any web browser can expose the persistent URL of private posts and stories cached on Facebook servers, thus making the private posts of users visible.
The hack which works on “Insta” stories as well, requires only a rudimentary understanding of HTML and a browser. It can be done in a handful of clicks.
A user simply inspects the images and videos that are being loaded on the page and then pulls out the source URL. This public URL can then be shared with people who are not logged in or do not follow that private user, BuzzFeed News reported.
This is reportedly also applicable to a private Instagram story, which are meant to last for only 24 hours, expires or is deleted.
Quartz had discovered a similar loophole for private Instagram content in 2015 wherein tests it conducted showed that a photograph posted to Instagram when a user’s account was set to public remained publicly viewable on the web, even if the user’s account was later made private.