Fraud Management & Cybercrime , Governance & Risk Management , Privacy

Why Did Instagram Leak Minors' Email Addresses Again?

Data Scientist David Stier Says Social Media Platforms Needs Better Safeguards
David Stier, data scientist

Social networking poses special risks for minors. Although the point of social media is to be social, sharing too much information can be harmful.

See Also: Live Webinar | Software Security: Prescriptive vs. Descriptive

David Stier, a San Francisco-based data scientist, has uncovered situations in which Facebook’s Instagram service exposed the contact details of minors, such as email addresses and phone numbers.

In the last month, Stier discovered that Instagram was leaking kids’ email addresses within the HMTL of the web version of users' profiles. Instagram has fixed the problem. But questions are being raised over how carefully the company scans for personal data leaks when it makes code changes (see: Instagram Leaked Minors' PII Again, But Now It's Fixed).

“I was truly blown away by the fact that again Instagram was including personally identifiable information in the HTML source code in virtually the exact same manner that they had more than a year and a half ago,” Stier says.

The Irish Data Protection Commission is investigating another one of Stier’s findings, in which kids had converted their personal profiles to business ones, which subsequently exposed their email addresses or phone numbers - or both (see: Instagram Shows Kids' Contact Details in Plain Sight).

The DPC is investigating whether Instagram's account settings are appropriate for children. A second line of inquiry is looking at Facebook's legal basis for processing children's data and whether it uses adequate protections for children (see: Instagram Investigated for Exposure of Minors' Details).

In this video interview, Stier discusses:

  • How Instagram was recently leaking minors’ email addresses;
  • What the risks are to minors if personal data is revealed;
  • How social media companies should better protect personally identifiable information.

Stier runs a marketing consultancy. He has created machine-learning models and given presentations on data science techniques.


About the Author

Jeremy Kirk

Jeremy Kirk

Managing Editor, Security and Technology, ISMG

Kirk is a veteran journalist who has reported from more than a dozen countries. Based in Sydney, he is Managing Editor for Security and Technology for Information Security Media Group. Prior to ISMG, he worked from London and Sydney covering computer security and privacy for International Data Group. Further back, he covered military affairs from Seoul, South Korea, and general assignment news for his hometown paper in Illinois.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.com, you agree to our use of cookies.