TechLair

  • Home
  • contact
  • About
  • Privacy Policy

Chennai Techie Wins $10,000 After Finding Security Flaw in Instagram Again

Monday, August 26, 2019 by Piyush Suthar | Comments

Home News Tech Chennai Techie Wins $10,000 After Finding Security Flaw in Instagram Again

5 Ways to Download Instagram Videos in 2019

Barely a month after winning $30,000 from Facebook for spotting a security flaw in Instagram, Chennai-based cyber-security researcher, Laxman Muthiyah, claimed to have won a further $10,000 from the tech giant for finding and reporting a new ‘account-takeover vulnerability’ in the photo and video-sharing platform. The new vulnerability was reportedly similar to the one he reported in July and, allowed hackers to access people’s Instagram accounts without their consent.

According to him, the vulnerability arose from the fact that Instagram was not using unique device IDs to validate password-reset codes requested by users. Once he found that the same device IDs were being used to request multiple pass codes of different users, he developed a proof-of-concept demo that showed the flaw can be exploited to hack random Instagram accounts.

Facebook has now fixed the vulnerability following his report, said Muthiyah. “Facebook and Instagram security team fixed the issue and rewarded me $10000 as a part of their bounty programme”, he said. “You identified insufficient protections on a recovery endpoint, allowing an attacker to generate numerous valid nonces to ten attempt recovery”, Facebook reportedly said in a letter to Muthiyah.

Muthiyah last month won $30,000 from Facebook for discovering that it was possible to take over someone’s Instagram account by triggering a password reset, requesting a recovery code, or quickly trying out possible recovery codes against the account. “I reported the vulnerability to the Facebook security team and … after a few email and proof of concept video, I could convince them the attack is feasible”, he wrote in a blog post.

With inputs from IANS


Authored by Piyush Suthar
Pro Blogger


Follow me on Twitter, Facebook, Google+, YouTube.

Load comments
  • Newer Post
  • Home
  • Older Post
  • techlair
    Over 1,500+ Readers

    Get fresh content from TechLair

    brand222 facebook brand2 envelope-o

    BEST OF TechLair

    Oppo, OnePlus, Huawei Rank Higher Than Xiaomi, Samsung in Customer Satisfaction Survey
    Asus’ new Zenfone 6 has a flip-up camera and a 5000mAh battery
    Customer experience is about emotion, not technology
    Unofficial Android Pie Ports Now Available For OnePlus, Moto, Asus and Redmi Phones


    Copyright © 2019 TechLair. All rights reserved.
    Privacy Policy • DMCA • Contact