Indian Security Researcher Wins Bug Bounty After Exposing a Flaw in Instagram

Share It On:

July 27, 2019, Kathmandu

Laxman Muthiyah who is an Indian security researcher has recently found a significant bug present in the Account Recovery Process of the popular social network, Instagram that could provide unauthorized access to potential hackers into someone else’s account.

He said that he discovered the existence of such a bug while researching the functioning of the account recovery process that allows any user to reset their password if they forget their previous password. He presented a video that shows how an attack can easily penetrate through the security provided by one of the top social sites and allow hackers to infiltrate one’s user account. Instagram’s Account recovery process was deemed vulnerable according to his research since it was the gateway for hackers to enter anyone’s user account.

While researching about the process, he told that he was unable to find any bug on Instagram’s web interface, whereas he discovered a strange behavior on the mobile platform. To reset one’s account, a user needs to enter his/her phone number where a 6-digit OTP will be sent to reset their password. He said that if a hacker tests the one million OTPs that can be made from the digits, then they can easily reset any user’s account. He hoped that Instagram had a maximum limit to the OTP request to prevent such hacks but found out that no mechanism existed. The Facebook security team awarded him $30,000 for finding and reporting such a major bug.

Another researcher, Anurag Sen, discovered an unprotected server that contains information of millions of Instagram users, including various celebrities, and brands. He said that the server was leaked online and allowed access to anyone willing. The biodata, profile picture, number of followers, location, contact related to various Instagram accounts were available on the database that is housed by a social media marketing deploy, Chtrbox. The Mumbai based company was called in for investigation, and the database has already been taken down for security purposes.


Share It On:

Recent Posts

Citizens Bank 11.11 Deals: Exclusive Discounts on Daraz

Citizens Bank 11.11 Deals: Exclusive Discounts on Daraz

Share It On:5th November 2024, Kathmandu Citizens Bank International Limited signed an agreement with Nepal’s leading online marketplace, Daraz, to

Local Talent Shines in Cybersecurity: Bipu Ojha and Tuan Khuat Win CDU IT CodeFair CTF

Local Talent Shines in Cybersecurity: Bipu Ojha and Tuan Khuat

Share It On:5th November 2024, Kathmandu Bipu Ojha and his teammate Tuan Khuat have emerged as winners in the prestigious

CEDB Hydropower’s Extraordinary General Meeting Concluded: Five Directors Elected

CEDB Hydropower’s Extraordinary General Meeting Concluded: Five Directors Elected

Share It On: 5th November 2024, Kathmandu CEDB Hydropower Development Company Limited has successfully concluded its extraordinary general meeting. CEDB

Government’s Journalist Accident Insurance Program: Apply Now For Your Protection

Government’s Journalist Accident Insurance Program: Apply Now For Your Protection

Share It On: 5th November, Kathmandu The Department of Information and Broadcasting has announced the launch of a new insurance

Nepal Life’s Property Acquisition in Hetauda: A Strategic Move For Growth

Nepal Life’s Property Acquisition in Hetauda: A Strategic Move For

Share It On:5th November, Kathmandu Nepal Life Insurance, a leading life insurance company in Nepal, has recently expanded its footprint

Global IME Dividend Announcement: Key Book Closure Date Revealed

Global IME Dividend Announcement: Key Book Closure Date Revealed

Share It On:5th November 2024, Kathmandu Global IME Bank has good news for its shareholders! The bank has announced a