Security experts share key advice as Instagram DMs are no longer 'private' after huge change

Security experts have shared their advice following changes made by Meta to Instagram DMs that mean messages might not be as private as you may think.

The social media provider, who also own Facebook and WhatsApp, removed end-to-end encryption (E2EE) on Instagram last week after introducing it as an opt-in feature on the platform in 2023.

But Meta reported a low uptake of the feature and has decided to scrap it entirely.

And while many may not see it as a big deal, security experts speaking to the Metro have expressed their concerns and offered their key advice to Instagram users ahead of the move.

E2EE is designed to keep messages entirely private, with texts being sent through unreadable code until it reaches the receiver.

This means the message cannot be read by anyone in-between, including the app itself, as well as potential hackers and internet providers.

Messages on Instagram have changed (Nikolas Kokovlis/NurPhoto via Getty Images)

Kamran Bahdur, technical director at FLR Spectron, explained to the outlet that the latest update to Instagram means messages on the app ‘are not fully as private as you may think’.

"Without encryption, Meta can access, scan, store, and display message content," Bahdur explained.

"Messages can also be used for AI purposes [to train large language models]."

The expert is recommending Instagram users to take 'sensitive conversations' to other messaging services like WhatsApp, which has the E2EE feature in play.

So, that means conversations which involve bank details, National Insurance numbers, medical information, or private addresses should not be said on Instagram, according to experts.

Javvad Malik, who works as a cybersecurity advisor at KnowBe4, described Instagram DMs as 'more like postcards than locked boxes'.

Security experts have been speaking about Instagram DMs (Samuel Boivin/NurPhoto via Getty Images)

The expert added: "Most people aren’t sending state secrets, but privacy isn’t about guilt. It’s about boundaries.

"You close your curtains at home not because you’re doing something illegal, but because you don’t want strangers looking in."

Javvad is even recommending users delete any sensitive messages from their Instagram just to be on the safe side.

He added: "Privacy is not one setting. The danger is not just one message, but the pattern. A scammer, stalker, data broker or hostile partner does not need your whole life story in one go. They can build it from fragments. Instagram DMs often feel casual, but casual information can become very powerful in the wrong hands."

UNILAD has reached out to Meta for comment.