Indian Techie finds a bug in Instagram that let him hack any account
Laxman Muthiyah, an Indian security researcher, recently found a bug in the Instagram app that let him hack into any account on Instagram. He reported the bug to Instagram, which awarded him $30,000 as part of its bug bounty programme.
Muthiyah said that the vulnerability allowed him to "hack any Instagram account without consent permission."
He explained that the hack was as simple as initiating a password reset, requesting a recovery code, and quickly trying out possible recovery codes against the account.
Laxman Muthiyah wrote in a blog post, "Instagram forgot password endpoint is the first thing that came to my mind while looking for an account takeover vulnerability. I tried to reset my password on the Instagram web interface. They have a link-based password reset mechanism which is strong, and I couldn't find any bugs after a few minutes of testing. Then switched to their mobile recovery flow, where I was able to find a susceptible behaviour."
He further shared, "I reported the vulnerability to the Facebook security team, and they were unable to reproduce it initially due to lack of information in my report. After a few emails and a proof of concept video, I could convince them the attack is feasible."
Instagram's team later fixed the bug.
Muthiyah also spotted a data deletion snag and a data disclosure bug on Facebook. The first had the potential to corrupt all your photos without the attacker knowing your password, while the second could trick you into installing an innocent-looking mobile app, which could sneak into all your photos without even being granted access to your account.
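The article does not describe how the bug was fixed. As an added example (not Instagram's code and not taken from Muthiyah's post), here is one server-side way to make "quickly trying out possible recovery codes" unworkable: the guess budget is attached to the account and its current code rather than to whichever client sends the guesses. The code length, limits, lifetimes and all names are assumptions.

```python
import hmac
import secrets
import time

# Assumed policy values; the article gives none of them.
CODE_DIGITS = 6       # length of the recovery code
MAX_ATTEMPTS = 5      # wrong guesses allowed per issued code
CODE_TTL = 600        # seconds a code stays valid
MAX_ISSUES = 3        # codes an account may request per window
ISSUE_WINDOW = 3600   # seconds


class RecoveryCodes:
    """Hypothetical in-memory store; production needs a shared store with atomic updates."""

    def __init__(self, clock=time.monotonic):
        self._clock = clock
        self._pending = {}  # account -> [code, expires_at, failed_guesses]
        self._issued = {}   # account -> timestamps of recent requests

    def issue(self, account):
        now = self._clock()
        recent = [t for t in self._issued.get(account, []) if now - t < ISSUE_WINDOW]
        if len(recent) >= MAX_ISSUES:
            return None  # re-requesting must not hand out fresh guess budgets
        self._issued[account] = recent + [now]
        code = f"{secrets.randbelow(10 ** CODE_DIGITS):0{CODE_DIGITS}d}"
        self._pending[account] = [code, now + CODE_TTL, 0]  # replaces any older code
        return code  # delivered out of band (SMS or e-mail), never in the response

    def verify(self, account, guess):
        entry = self._pending.get(account)
        if entry is None:
            return False
        code, expires_at, failed = entry
        if self._clock() >= expires_at or failed >= MAX_ATTEMPTS:
            del self._pending[account]  # expired or burned: a new request is required
            return False
        if hmac.compare_digest(code.encode(), guess.encode()):
            del self._pending[account]  # single use
            return True
        entry[2] = failed + 1  # counted per account, whichever client sent the guess
        return False
```

With these assumed numbers, an account's recovery code can be guessed at most 15 times per hour against a space of one million values.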