Have you ever tried looking for ways to see someone’s private profile?
I am sure we all do it at least once in our lifetime!
And it is for this reason, an app named ‘Ghosty’ was downloaded more than 500,000 times within just six months of its release.
What exactly was this Ghosty app?
“Just share your Instagram login credentials with us to get access to many private accounts.”
I am not saying that!
Released in April 2019 by a Turkey-based developer, the ‘Ghosty’ app promised its users to let them view any private profile on the Instagram platform.
Private accounts that were not accessible to someone you didn’t authorized via your Instagram’s settings option could be easily viewed by an unknown user using this shady ‘Ghosty’ app.
The app used to gain access to all the accounts (public or private) that a user followed on the platform by simply asking users to provide their login credentials.
It later asked its users to invite at least one of their friends to join the Ghostly app.
It ultimately used to gain access to that account too, and see everything a user did on the platform.
‘So let’s say, Bhavna downloaded the app and provided her credentials to Ghosty, the app used to get access to view every account that she followed. Moreover, when she would share and invite her best friend Tejas to download the app, the app used to get access to view every account that Tejas followed too. And… It went on like this on a loop.’
And, that’s exactly how Ghosty increased its pool of accounts day in and out.
The app was downloaded more than 500,000 times (according to analytics firm App Brain).
So if we consider an average Instagram user following 50+ accounts on the platform-
50 X 500,000 = 25,000,000
That’s the approximate number of accounts it had access to.
Now you can easily gauge the millions of accounts it actually controlled, and you could be one of them.
Although these numbers might not exactly tally to the number of accounts they had access to, the privacy risk it posed on users was indeed immense and quite concerning.
Moreover, as outlined via some reports, the app used to push its users to watch adverts and pay a subscription fee in order to view more accounts on its shady network.
The question is…
Did it hack every account?
Was every account on the platform at risk?
I would say, not really.
Although I condemn breaching someone’s privacy, the sharp tactic that the app followed was indeed unique.
The bottom line is, you cannot find every single account that was set private on the Instagram platform. It used to just scale its pool where it had more than 20 million+ Instagram accounts.
So in case if a user is in the loop directly, or indirectly, their account was accessible to anyone who searched for you on Ghostly.
While on the other hand, if a user didn’t follow anyone or didn’t even have any connection to someone who used this application.
You were safe!
The issue regarding this app was first reported via ‘Android Police’ who took some action and mentioned it on its blog-
“We’ve found another service called Ghosty that takes advantage of Instagram’s API to create a stalker paradise. By crowdsourcing the data of all of its users’ Instagram accounts, it lets anyone view many private profiles.”
It further pointed- “The app shamelessly exploits their desire to access more private accounts and makes them pay for bundles or watch ads.”
The app certainly breached more than one privacy terms and conditions that pose a question on Instagram and parent-company Facebook of not being able to find such a shady app that has been exploiting their user’s privacy.
There are even some rumors that the app may ban some users from the platform who shared their credentials with the ‘Ghosty’ app (although there are no such official statements yet).
A Facebook’s Spokesperson said:
“Yes, this app violates our terms. This functionality has never been available through our API. We will be sending a cease and desist letter to Ghosty ordering them to immediately stop their activities on Instagram, among other requests. We are investigating and planning further enforcement relating to this developer.”
Additionally, the company further pointed-
“You can’t attempt to buy, sell, or transfer any aspect of your account (including your username) or solicit, collect, or use login credentials or badges of other users.”
It came as a surprise that the app that breached so many privacy terms was never found by Facebook or even Google.
Fortunately, the app was removed from Google Play Store following FB’s cease and desist letter. Although it is not
clear for now if the app was removed via Google’s play store or the developer himself pulled the app.
By the way…
Did you hear of this app?
Or, you ever used it?
Whichever the case, make sure to let me know in the comments down below if you know more about it.
And please do share if you liked it!
See you next time!
Read More- Manage Third-Party Apps with Instagram’s New Security Feature!
Read More- Instagram Spies??? This is What CEO Adam Mosseri Says!