A private social media account is supposed to give you the power to protect your posts, photos and other content from strangers, colleagues, family members and other folks. Turns out that's not exactly the case over at Instagram (and at Facebook too).

A trio of BuzzFeed News employees — Ryan Broderick, Ryan Mac and Logan McDonald — exposed this privacy flaw yesterday (Sept. 9), and they even showed how easy it is to snatch a so-called-private post. 

The BuzzFeed News writers didn't share the exact steps for how to steal a private image or video asset, but their story details that you need "only a rudimentary understanding of HTML and a browser" and that the process is easily completed with a "can be done in a handful of clicks" on Instagram or Facebook.

Facebook, in a statement to The Verge, said "The behavior described here is the same as taking a screenshot of a friend’s photo on Facebook and Instagram and sharing it with other people." 

BuzzFeed News' account of the situation suggests otherwise, as the outlet notes that even Instagram Story posts — after the 24-hour window following their posting — can be pulled with method, and you don't even have to be logged into Instagram to do it. 

MORE: How to Deactivate Your Instagram Account

The BuzzFeed Tech + News Working Group tested their trick on their own, and used it to view, download and share JPEGs and MP4s "from private feeds and stories."

Following that, the article notes that you just need to use the inspect tool (right-click to find that) to see the source URL. All of this, it appears, can be done straight from someone's Instagram profile page. 

Gizmodo disputes the argument that this kind of reverse-engineering should be called a hack, saying "what’s really happening is Internet 101. When an authorized user loads a piece of content on Instagram in a browser, it’s trivial to look in the HTML and find a direct URL to where the image or video is." 

The difference between this and what more secure sites would do is that Instagram and Facebook don't make it harder to get such direct access.

This all comes after Instagram's parent company, Facebook, experienced a very-bad-year for privacy, when its Cambridge Analytica scandal highlighted how user data.

  • 8 Hidden Instagram Story Features You Need to Know
  • Don’t Use Facebook? Facebook Tracks You Anyway
  • How to Download All Your Instagram Posts

Get instant access to breaking news, the hottest reviews, great deals and helpful tips.

Thank you for signing up to Tom's Guide. You will receive a verification email shortly.

There was a problem. Please refresh the page and try again.

No spam, we promise. You can unsubscribe at any time and we'll never share your details without your permission.