Search This Blog

Security researcher awarded $30,000 for spotting a privacy bug in Instagram





A security researcher from India has won $30,000 in a bug bounty program after he found a flaw in Facebook-owned photo-sharing app Instagram.

Laxman Muthiyah discovered a vulnerability that allowed him to hack any Instagram account without consent permission."

He took over someone's Instagram account by clicking on forget the password or requesting a recovery code against the account.

"I reported the vulnerability to the Facebook security team and they were unable to reproduce it initially due to lack of information in my report. After a few email and proof of concept video, I could convince them the attack is feasible," Muthiyah wrote in a blog post. 

The company’s security teams fixed the issue and rewarded the researcher $30,000 as a part of their bounty program.

However, a senior technologist at cybersecurity major Sophos, Paul Ducklin, said that the vulnerability found by Muthiyah no longer existed, and users should get back control for their hacked accounts. 


"In case any of your accounts do get taken over, familiarise yourself with the process you'd follow to win them back. In particular, if there are documents or usage history that might help your case, get them ready before you get hacked, not afterward," Ducklin said in a statement.

Share it:

Facebook Bug bounty

Instagram

Password Crackers