Indian Researcher Discovers Another Instagram Bug: Are Your Photos, Videos Safe?

Indian Researcher Discovers Another Instagram Bug: Are Your Photos, Videos Safe?

SUMMARY

An Indian security researcher discovered a bug that allows hackers to hack into multiple Instagram accounts

A security researcher had discovered a similar flaw last month

The flaw has been acknowledged and fixed by Facebook

Chennai-based security researcher Laxman Muthiyah on Monday found a bug in the Facebook-owned Instagram, which allows anyone to hack the popular photo-sharing social networking service. The revelation came barely a month after reporting a similar flaw in Instagram.

Muthiyah found that the same device ID, the unique identifier used by the Instagram server to validate password reset code, can be used to request multiple passcodes of different users. He showed that this bug can easily be used to hack multiple Instagram account.

Muthiya, in a blog post, wrote, “there are one Mn possibilities for a 6 digit passcode that is between 000000 to 999999. When a hacker requests a passcode to change password, they are increasing the probability of hacking into an account.”

He further explained that if the hackers request passcode for 100 K users using the same device, there is a 10% success rate as 100 K codes are issued the same device. However, If the hackers request the passcode for 1 Mn users, they will be able to hack all 1 Mn accounts by incrementing the passcode.

“You identified insufficient protections on a recovery endpoint, allowing an attacker to generate numerous valid nonces to ten attempt recovery,” Facebook said, in a letter to Muthiyah.

The bug has been fixed by Facebook security team and Instagram cannot be hacked using the same vulnerabilities.

Muthiyah won a $10 K as a part for discovering the new flaw as a part of the social network’s bug bounty programme. The programme was launched in 2011 to recognise and compensate security researchers around the globe. The programme aimed at improving the security controls of the platform and its subsidiaries.

Last Month, Muthiyah had won $30 K for discovering the other bug which allowed hacking of accounts using the same password reset option.

You have reached your limit of free stories
Become An Inc42 Plus Member

Become a Startup Insider in 2024 with Inc42 Plus. Join our exclusive community of 10,000+ founders, investors & operators and stay ahead in India’s startup & business economy.

2 YEAR PLAN
₹19999
₹7999
₹333/Month
UNLOCK 60% OFF
Cancel Anytime
1 YEAR PLAN
₹9999
₹4999
₹416/Month
UNLOCK 50% OFF
Cancel Anytime
Already A Member?
Discover Startups & Business Models

Unleash your potential by exploring unlimited articles, trackers, and playbooks. Identify the hottest startup deals, supercharge your innovation projects, and stay updated with expert curation.

Indian Researcher Discovers Another Instagram Bug: Are Your Photos, Videos Safe?-Inc42 Media
How-To’s on Starting & Scaling Up

Empower yourself with comprehensive playbooks, expert analysis, and invaluable insights. Learn to validate ideas, acquire customers, secure funding, and navigate the journey to startup success.

Indian Researcher Discovers Another Instagram Bug: Are Your Photos, Videos Safe?-Inc42 Media
Identify Trends & New Markets

Access 75+ in-depth reports on frontier industries. Gain exclusive market intelligence, understand market landscapes, and decode emerging trends to make informed decisions.

Indian Researcher Discovers Another Instagram Bug: Are Your Photos, Videos Safe?-Inc42 Media
Track & Decode the Investment Landscape

Stay ahead with startup and funding trackers. Analyse investment strategies, profile successful investors, and keep track of upcoming funds, accelerators, and more.

Indian Researcher Discovers Another Instagram Bug: Are Your Photos, Videos Safe?-Inc42 Media
Indian Researcher Discovers Another Instagram Bug: Are Your Photos, Videos Safe?-Inc42 Media
You’re in Good company