Instagram in security SSLip-up
Instagrammers were presented with a rather worrying message this afternoon when trying to log in to the social network, informing them their connection wasn’t secure.
Instagram relies on SSL (Secure Sockets Layer) to establish a secure connection between the user and the network’s servers, which is indicated by “https” in the address bar of the browser. This type of encryption allows sensitive data like credit card details, login information and messages to be sent and received without fear of someone intercepting them.
Websites using SSL are accredited by various official certification authorities (CAs) and typically last for one year before they need renewal – something that Instagram apparently forgot.
The problem was first spotted by Owen Williams at The Next Web, who found that on attempting to visit the Instagram website would-be visitors were informed their connection wasn’t private. Digging a little deeper, Williams discovered the problem was down to an expired SSL certificate.
If a user tries to navigate to a web page with an expired certificate, almost all browsers will automatically block the site and inform them of the dangers of a potentially unsecure connection or expired certificate.
The problem has since been resolved, but not before dozens of users had taken to Twitter to complain about the problem.
So the next time you renew your SSL licence, remember to put a note in your diary for 12 months time, just in case.