Instagram API Vulnerability - Live Demonstration | PigaTech SoftCompany

🖼️

Instagram Profile Viewer

Complete Instagram profile viewer with beautiful UI. Extracts full profile data, posts gallery, images, and videos.

Full profile information (name, bio, followers)
Facebook ID (fbid) exposure
Recent posts gallery (images & videos)
Business account details with location
Links in bio extraction
HD profile picture and media proxy

🔍 Launch Profile Viewer →

📊

Mass Data Scraper

Demonstrate mass data extraction capability by fetching 10 Instagram profiles simultaneously without authentication.

10 profiles extracted in seconds
100% success rate (tested)
3.3+ Billion followers harvested
Full table view with statistics
JSON export capability
Facebook IDs exposed for all profiles

📈 Launch Mass Data Scraper →

⚡

Simple PHP Fetcher

Lightweight, minimal version showing the core vulnerability - complete profile data with just 2 headers, no authentication required.

Minimal code (simple implementation)
Quick API response demonstration
Raw JSON output display
Easy to understand PoC
Copy-paste ready for testing
Demonstrates core vulnerability

🚀 Launch Simple Fetcher →

📊 Vulnerability Impact Statistics

30+

Data Fields Exposed

600+

Profiles/Minute (Single IP)

100%

Extraction Success Rate

3.3B+

Followers Harvested (Demo)

8.6

CVSS Score (HIGH)

11/11

Facebook IDs Exposed

🔧 Technical Details

Vulnerable Endpoint

/api/v1/users/web_profile_info/?username={username}

Authentication Required

❌ NO

Access Token Needed

❌ NO

CVSS Vector

AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

👨‍🔬 Researcher Information

Researcher

Eves Vitus Sylvester

Organization

PigaTech SoftCompany

Report Date

May 30, 2026

Contact

info@pigatechsoft.com