Updated: Jul 21, 2019
Chennai-based security man of science Laxman Muthiyah has won $30,000 as a section of a bug bounty programme once he noticed a flaw in Facebook-owned photo-sharing app Instagram.
Muthiyah aforementioned the vulnerability allowed him to “hack any Instagram account while not consent permission”.
He discovered it had been doable to require over someone’s Instagram account by triggering a word reset, requesting a recovery code, or quickly attempting out doable recovery codes against the account.
“I rumored the vulnerability to the Facebook security team and that they were unable to breed it at the start because of lack of knowledge in my report. once some email and proof of idea video, I might win over them the attack is possible,” Muthiyah wrote in an exceedingly journal post in the week.
Muthiyah earlier known not solely an information deletion flaw, however conjointly an information revealing bug on Facebook.
The first bug will take away all of your photos while not knowing your password; the second meant tricking you to put in associate innocent-looking mobile app that might riffle through all of your Facebook footage while not being given access to your account.
“To be clear: he found those holes in compliance with Facebook’s Bug Bounty programme, and he disclosed them responsibly to Facebook,” Ducklin aforementioned.
“As a result, Facebook was able to fix the issues before the bugs became public, and (as way as anyone knows) these bugs were patched before anyone else found them,” he remarked.
Follow us on instagram:- https://www.instagram.com/boredprogrammers