Chennai man finds hack-prone Instagram flaw, wins Rs 20 lakh

  • | Friday | 19th July, 2019

By IANSNEW DELHI: Chennai-based security researcher Laxman Muthiyah has won USD 30,000 as a part of a bug bounty programme after he spotted a flaw in Facebook-owned photo-sharing app Instagram. Muthiyah said the vulnerability allowed him to "hack any Instagram account without consent permission." "I reported the vulnerability to the Facebook security team and they were unable to reproduce it initially due to lack of information in my report. Facebook and Instagram security teams fixed the issue and rewarded me USD 30,000 as a part of their bounty programme, he added. "To be clear: he found those holes in compliance with Facebook's Bug Bounty programme, and he disclosed them responsibly to Facebook," Ducklin said.

By IANS NEW DELHI: Chennai-based security researcher Laxman Muthiyah has won USD 30,000 as a part of a bug bounty programme after he spotted a flaw in Facebook-owned photo-sharing app Instagram. Muthiyah said the vulnerability allowed him to "hack any Instagram account without consent permission." He discovered it was possible to take over someone's Instagram account by triggering a password reset, requesting a recovery code, or quickly trying out possible recovery codes against the account. "I reported the vulnerability to the Facebook security team and they were unable to reproduce it initially due to lack of information in my report. After a few email and proof of concept video, I could convince them the attack is feasible," Muthiyah wrote in a blog post this week. Facebook and Instagram security teams fixed the issue and rewarded me USD 30,000 as a part of their bounty programme, he added. Paul Ducklin, Senior Technologist at cybersecurity major Sophos, however, warned while the vulnerability found by Muthiyah no longer existed, users should familiarise themselves with the process of getting back control of their social media accounts, in case they get hacked. "In case any of your accounts do get taken over, familiarise yourself with the process you'd follow to win them back. In particular, if there are documents or usage history that might help your case, get them ready before you get hacked, not afterwards," Ducklin said in a statement. Muthiyah earlier identified not only a data deletion flaw but also a data disclosure bug on Facebook. The first bug could have zapped all your photos without knowing your password; the second meant tricking you to install an innocent-looking mobile app that could riffle through all your Facebook pictures without being given access to your account. "To be clear: he found those holes in compliance with Facebook's Bug Bounty programme, and he disclosed them responsibly to Facebook," Ducklin said. "As a result, Facebook was able to fix the problems before the bugs became public, and (as far as anyone knows) these bugs were patched before anyone else found them," he remarked.

If You Like This Story, Support NYOOOZ

NYOOOZ SUPPORTER

₹ 10 - ₹ 1000

NYOOOZ FRIEND

₹ 2000 - ₹ 5000

Your support to NYOOOZ will help us to continue create and publish news for and from smaller cities, which also need equal voice as much as citizens living in bigger cities have through mainstream media organizations.


Stay updated with all the Chennai Latest News headlines here. For more exclusive & live news updates from all around India, stay connected with NYOOOZ.

Related Articles
Chennai man finds hack-prone Instagram flaw, wins Rs 20 lakh
  • Friday | 19th July, 2019
Socomec's New UPS - MODULYS XL - Recognised by Frost & Sullivan's 'New Product Innovation' Award
  • Friday | 19th June, 2020
Indian Composer Ganesh B Kumar's 'Spirit of Humanity', Set for a Grand Worldwide Launch
  • Thursday | 11th June, 2020
DMK MLA Anbazhagan passes away at 61, he had coronavirus
  • Wednesday | 10th June, 2020