Laxman Muthiyah, a Chennai-based security researcher has saved Instagram from a vulnerable “hacking bug” by spotting out flaws in Facebook-owned Instagram. Muthiyah has also won USD 30,000 (Roughly Rs 20,64,390) as part of a bug bounty programme.
On Instagram, the bug allowed hacking any Instagram account without consent permission. Muthiyah discovered that it was possible to take over someone's Instagram account by triggering a password reset, requesting a recovery code, or quickly trying out possible recovery codes against the account.
In a blog, the Chennai-based security researcher wrote, “I reported the vulnerability to the Facebook security team and they were unable to reproduce it initially due to lack of information in my report. After a few email and proof of concept video, I could convince them the attack is feasible.”
Further adding, he wrote, “Facebook and Instagram security teams fixed the issue and rewarded me $30,000 as a part of their bounty programme.”
Muthiyah was not only able to identify a data deletion flaw, but he also spotted a data disclosure bug on Facebook which could have erased all your photos without even knowing your password. The bug was meant for tricking users in installing a third-party app which could shuffle through all your uploaded pictures without even being given access to the account.
