Instagram Ghost Users Could Cause Crashes

The manner in which Instagram defines user accounts is through an incremental Public Key Infrastructure (PKID) system, which means that it is actually quite easy for anyone that knows how to peak through to the source code of the website to figure out who the first accounts on Instagram belong to.

Generally speaking, when it comes to the first few accounts that have been set up on a social media site, the people that own these accounts are usually those that work at the company, with founders usually being the ones that get the honor of setting up the first accounts on any of the various major social media platforms that users of the internet tend to look into on a regular basis all in all.

This is true to Instagram as well, but only to a certain extent. If you check out the oldest accounts on Instagram, you would find that the third account ever made belongs to one of the co-founders of Instagram, namely Mike Krieger who no longer works for the company because of the fact that he had a few disagreements with the tech giant that now owns Instagram, i.e. Facebook.

However, while we can see clearly who the third oldest account on Instagram belongs to, the answers to the questions of who the first and second oldest accounts belong to is a little more mysterious. According to Valerio Brussani (a security researcher) if you were to check out PKID 1 and PKID 2, you would see that the accounts are quite unusual in a lot of different ways.


For starters, there is no name associated with the account in question. Much on the contrary, when you look into these accounts you would see that the name fields have empty spaces in them where numbers or letters should be. These “ghost users” are probably test accounts that the founders of Instagram created when their social media platform was still in its testing phase.

While it is fair for the co-founders to have created these dummy test accounts, the fact that the accounts still exist doesn’t bode well for the stability of the site as well as the app overall. The dangers of these accounts comes from their empty string usernames. Empty strings need to managed on the server side otherwise they could cause erratic behavior on the platform.
"Empty strings could be dangerous sometimes if not properly managed by server-side code: in fact my first idea was to find a way to make the Instagram application to crash, by exploiting bad parsing of the malformed data. However, it was even more interesting to find a way to remotely crash other Instagram accounts.", explained Brussani in a blog post.
Instagram really needs to check these old accounts out and make sure that they are taking the empty string usernames into account. That being said, this is only really necessary if the social media platform has a good reason for keeping these accounts around, because the fact of the matter is that they could just delete these accounts if there is no good reason for them to remain active on a platform that already has a vast number of users as well as features all of which need to be efficiently managed.

How two dead accounts allowed REMOTE CRASH of any Instagram android user
Photo: Chesnot via Getty Images

Read next: Instagram Copies the TikTok’s Icon, named “Clips”

No comments:

Post a Comment