Kumari Palany & Co

No. of views : (4998)

Bug found in Instagram, Chennai techie wins 30,000 USD

Posted on: 19/Jul/2019 10:05:11 AM
As a part of bug bounty programme, Chennai city based security researcher, Mr. Laxman Muthiah, has won 30,000 USD. He has become cynosure of many eyes now.

The point is this techie spotted a bug in the FB owned photo sharing app instagram. Two persons who played vital roles in creation of Instagram are Kevin Systrom and Mike Kreiger is known.

Mr. Laxman Muthiah spoke about how vulnerability enabled him to hack any account in Instagram. By triggering a password reset, requesting recovery code, quickly trying out possibly recovery codes against the account, it was possible to take someones Instagram account.

It must be noted that he reported the vulnerability to the Facebook security team and the team were unable to reproduce it initially due to lack of information in his report.

Point is Laxman Muthaiah was able to convince the FB security team through few emails and proof of concept video. The superb information is FB and Instagram security teams fixed the issue and later gave 30,000 USD to Mr. Laxman Muthiah.

Apart from data deletion flaw, this Chennai techie has also been responsible for identifying data disclosure bug on FB. Information gathered is first bug could have deleted users photographs and the second bug could have tricked FB user into installing mobile phone app that could go through all the photos.

It was later pointed out by a senior technologist at cyber security major Sophos, Mr. Paul Ducklin that the vulnerability found by Mr. Laxman Muthiah no longer exists. He added that the users must familiarise themselves with the process of getting back control of their social media accounts in case if they are hacked by someone. In a statement, Mr. Ducklin had mentioned that documents or usage history must be readied before the account gets hacked and not later.