top of page
Search

Chennai Techie Wins $10,000 After Finding Security Flaw in Instagram Again

Updated: Aug 27, 2019

Barely a month after winning $30,000 from Facebook for spotting a security flaw in Instagram, Chennai-based cyber-security researcher, Laxman Muthiyah, claimed to have won a further $10,000 from the tech giant for finding and reporting a new ‘account-takeover vulnerability’ in the photo and video-sharing platform. The new vulnerability was reportedly similar to the one he reported in July and, allowed hackers to access people’s Instagram accounts without their consent.

According to him, the vulnerability arose from the fact that Instagram was not using unique device IDs to validate password-reset codes requested by users. Once he found that the same device IDs were being used to request multiple pass codes of different users, he developed a proof-of-concept demo that showed the flaw can be exploited to hack random Instagram accounts.

Facebook has now fixed the vulnerability following his report, said Muthiyah. “Facebook and Instagram security team fixed the issue and rewarded me $10000 as a part of their bounty programme”, he said. “You identified insufficient protections on a recovery endpoint, allowing an attacker to generate numerous valid nonces to ten attempt recovery”, Facebook reportedly said in a letter to Muthiyah.


Instagram on mobile phone

 
 
 

Recent Posts

See All
Steal the deal

Time to upgrade from traditional HDD to SSD. The deal couldn't have been better. The best deal on SSD is here. Product : Western Digital...

 
 
 

Comentarios


500 Terry Francois Street San Francisco, CA 94158

+91-9401610580

  • linkedin
  • facebook
  • twitter
  • youtube
  • twitter

©2019 by TechXtra. Proudly created by Arup Kumar Nath

bottom of page