Private Instagram posts turn out not to be as private as you thought

Instagrammers with private accounts, listen up. Your photos and videos are not as concealed as you might imagine.

In a few clicks on a web browser, it’s possible for one of your followers to locate and share links to each and every one of your “private” images and videos, BuzzFeed revealed on Monday.

The relatively simple hack enables someone to locate the URL for an Instagram image or video by simply jumping into the site’s source code using a web browser like Google Chrome or Firefox.

In just a few steps, it’s possible to locate Instagram’s web address for a particular image or video, which could then be shared with others or used to download the content to a PC.

Anyone in possession of the URL can view the content — you don’t have to be signed up to Instagram. Furthermore, the owner of the private account will have no idea that their content is being grabbed, and possibly shared, in this way.

To be clear, only someone with access to a private account can grab the URL. Taking the next step of sharing the URL with someone who hasn’t been granted access by the account owner would clearly be a breach of trust, and once the link is “out there,” the account owner no longer has control over a particular image or video that was intended to be viewed only by their selected followers.

The URL for Instagram Stories can also be found, with the link reportedly staying active “for a couple of days” after a private Story expires or is deleted.

Of course, a follower who is keen to copy an image from a private account could simply grab a screenshot, or take a picture using their own phone. But the fact that it’s possible to locate a URL to private Instagram content — including videos — is likely to concern owners of private accounts who expect Instagram to have more robust privacy measures in place.

According to BuzzFeed’s report, the same flaw has also been found with private content on Facebook, which owns Instagram.

We’ve reached out to both Instagram and Facebook for a response to the security flaw and will update this article if we hear back.

Editors' Recommendations