szilak.com

Instagram Private Profile Deanonymization

<2025-09-18>

Summary

If a private profile has a collaboration post with a public profile, the post and its collaborators can be accessed without authentication, knowing only the private profile's username. This expands the set of possible connections to the target of an investigation.

When https://www.instagram.com/szh4ck3r/ is opened unauthenticated, the browser makes a request to https://www.instagram.com/api/v1/users/web_profile_info/?username=szh4ck3r (the old Instagram API), which lists the user's collaboration posts with public profiles.

Screenshot 2025-04-21 at 17.24.11.png
Screenshot 2025-04-21 at 17.53.59.png

AuthN-ed but not following

GQL api get feed: Screenshot 2025-05-21 at 18.40.22.png

  • Literally nothing lmao

AuthN-ed and following

Screenshot 2025-05-21 at 18.44.46.png
  • Obv. listed

AuthN-ed history of reqs

Screenshot 2025-05-21 at 18.45.53.png

UnauthN-ed

Screenshot 2025-05-21 at 18.47.48.png
  • Ohshi w(hy)tf

For tha Xtra lulz – AuthN-ed direct APIreq

Screenshot 2025-05-21 at 18.57.02.png
  • no szh4ck"
    • aka Unauth is the new auth
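
The viewer matrix above boils down to one invariant a service owner can regression-test: an anonymous caller must never receive more than a logged-in non-follower. The block below is an added example, not code from this page or from Instagram; the data model, function names and sample usernames are all hypothetical and constructed, and `observed_view` is only a simplified model of the behaviour the screenshots record.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Profile:
    username: str
    private: bool
    followers: frozenset = frozenset()

@dataclass(frozen=True)
class Post:
    post_id: str
    authors: tuple  # owner first, then collaborators

def _posts_of(target, posts):
    return [p for p in posts if target.username in p.authors]

def _may_see_all(target, viewer):
    # viewer is None for an unauthenticated request
    return (not target.private or viewer == target.username
            or viewer in target.followers)

def observed_view(target, viewer, posts, profiles):
    """Simplified model of the behaviour recorded in the screenshots."""
    mine = _posts_of(target, posts)
    if _may_see_all(target, viewer):
        return mine
    if viewer is None:  # anonymous path still returns public-collab posts
        return [p for p in mine
                if any(not profiles[a].private for a in p.authors)]
    return []  # authenticated non-follower gets nothing

def hardened_view(target, viewer, posts, profiles):
    """Same decision for every caller; anonymous is the least privileged."""
    return _posts_of(target, posts) if _may_see_all(target, viewer) else []

def anonymous_excess(view, target, posts, profiles, stranger):
    """Post ids an anonymous caller gets that a logged-in non-follower does not."""
    anon = {p.post_id for p in view(target, None, posts, profiles)}
    authed = {p.post_id for p in view(target, stranger, posts, profiles)}
    return sorted(anon - authed)

# Constructed sample data (all usernames and ids are made up)
PROFILES = {
    "priv_target": Profile("priv_target", True, frozenset({"friend"})),
    "pub_collab": Profile("pub_collab", False),
}
POSTS = [Post("solo1", ("priv_target",)),
         Post("collab1", ("pub_collab", "priv_target"))]
TARGET = PROFILES["priv_target"]
```

A non-empty result from `anonymous_excess` for any private profile means the unauthenticated code path is applying a weaker policy than the authenticated one.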

Response

Screenshot 2025-05-20 at 20.12.13.png
  • Haha it's just intentional behavior get fkd retard
Creative Commons License
szilak.com by Mate Szilak is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.