Chennai Techie Wins $10,000 After Finding Security Flaw in Instagram

Barely a month after winning $30,000 from Facebook for spotting a security flaw in Instagram, Chennai-based cyber-security researcher, Laxman Muthiyah, claimed to have won a further $x,000 from the tech giant for finding and reporting a new 'account-takeover vulnerability' in the photograph and video-sharing platform. The new vulnerability was reportedly similar to the 1 he reported in July and, immune hackers to admission people'due south Instagram accounts without their consent.

Co-ordinate to him, the vulnerability arose from the fact that Instagram was not using unique device IDs to validate password-reset codes requested by users. Once he found that the same device IDs were being used to request multiple pass codes of different users, he developed a proof-of-concept demo that showed the flaw tin be exploited to hack random Instagram accounts.

Facebook has now fixed the vulnerability following his study, said Muthiyah. "Facebook and Instagram security team fixed the issue and rewarded me $10000 as a part of their compensation programme", he said. "You identified insufficient protections on a recovery endpoint, allowing an attacker to generate numerous valid nonces to ten attempt recovery", Facebook reportedly said in a letter to Muthiyah.

Muthiyah concluding month won $xxx,000 from Facebook for discovering that information technology was possible to take over someone'south Instagram account past triggering a password reset, requesting a recovery code, or speedily trying out possible recovery codes against the account. "I reported the vulnerability to the Facebook security team and … after a few e-mail and proof of concept video, I could convince them the attack is feasible", he wrote in a blog postal service.

With inputs from IANS