Indian Security Researcher Wins Bug Bounty After Exposing a Flaw in Instagram


July 27, 2019, Kathmandu

Laxman Muthiyah, an Indian security researcher, recently found a significant bug in the account recovery process of the popular social network Instagram that could give attackers unauthorized access to someone else’s account.

He said that he discovered the bug while researching how the account recovery process works, the process that lets users reset their password if they forget it. He presented a video showing how an attack can get past the security of one of the top social sites and let hackers into a user’s account. According to his research, Instagram’s account recovery process was vulnerable because it served as the gateway for hackers to enter anyone’s user account.

While researching the process, he said, he was unable to find any bug on Instagram’s web interface but discovered strange behavior on the mobile platform. To reset an account, a user enters his/her phone number, to which a 6-digit OTP is sent for resetting the password. He said that if a hacker tests the one million OTPs that can be made from the digits, they can easily reset any user’s account. He hoped that Instagram had a maximum limit on OTP requests to prevent such hacks but found that no such mechanism existed. The Facebook security team awarded him $30,000 for finding and reporting such a major bug.

Another researcher, Anurag Sen, discovered an unprotected server containing information on millions of Instagram users, including various celebrities and brands. He said that the server was exposed online and open to anyone who wanted access. The biodata, profile picture, number of followers, location, and contact information for various Instagram accounts were available in the database, which was housed by a social media marketing firm, Chtrbox. The Mumbai-based company was called in for investigation, and the database has already been taken down for security purposes.
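The missing control described above is a cap on wrong guesses tied to the account being recovered. The sketch below is an added example, not Instagram's code; the class name, limits and return strings are assumptions chosen for illustration.

```python
import hmac
import secrets
import time

MAX_FAILURES = 5      # assumed policy: wrong guesses allowed per account per window
LOCK_WINDOW = 3600    # assumed: seconds before the failure budget resets
CODE_TTL = 600        # assumed: seconds a 6-digit code stays valid


class RecoveryCodes:
    """Issues and checks 6-digit recovery codes with a per-account guess budget."""

    def __init__(self, clock=time.monotonic):
        self._clock = clock
        self._codes = {}     # account -> (code, expires_at)
        self._failures = {}  # account -> (count, window_start)

    def _failed(self, account):
        count, start = self._failures.get(account, (0, self._clock()))
        if self._clock() - start >= LOCK_WINDOW:
            count, start = 0, self._clock()
        return count, start

    def issue(self, account):
        # Requesting a new code must not refill the guess budget.
        if self._failed(account)[0] >= MAX_FAILURES:
            return None
        code = f"{secrets.randbelow(10**6):06d}"
        self._codes[account] = (code, self._clock() + CODE_TTL)
        return code

    def verify(self, account, guess):
        count, start = self._failed(account)
        if count >= MAX_FAILURES:
            return "locked"
        code, expires_at = self._codes.get(account, (None, 0))
        if code is None or self._clock() >= expires_at:
            return "no_valid_code"
        # Constant-time comparison of the stored code and the guess.
        if hmac.compare_digest(code.encode(), guess.encode()):
            del self._codes[account]
            self._failures.pop(account, None)
            return "ok"
        self._failures[account] = (count + 1, start)
        if count + 1 >= MAX_FAILURES:
            self._codes.pop(account, None)  # burn the code once the budget is spent
            return "locked"
        return "wrong"
```

Because the counter is keyed on the account and survives re-issuing a code, the chance of guessing correctly within one window is at most `MAX_FAILURES` in one million, no matter how many requests are sent.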

