NewsBytes
    Hindi Tamil Telugu
    More
    In the news
    Narendra Modi
    Amit Shah
    Box Office Collection
    Bharatiya Janata Party (BJP)
    OTT releases
    Hindi Tamil Telugu
    NewsBytes
    User Placeholder

    Hi,

    Logout


    India Business World Politics Sports Technology Entertainment Auto Lifestyle Inspirational Career Bengaluru Delhi Mumbai Visual Stories Find Cricket Statistics Phones Reviews Fitness Bands Reviews Speakers Reviews

    Download Android App

    Follow us on
    • Facebook
    • Twitter
    • Linkedin
     
    Home / News / India News / Chennai techie finds Instagram bug, again; wins Rs. 7 lakh
    Chennai techie finds Instagram bug, again; wins Rs. 7 lakh
    1/6
    India 2 min read

    Chennai techie finds Instagram bug, again; wins Rs. 7 lakh

    By Siddhant Pandey
    Aug 27, 2019
    12:28 pm
    Chennai techie finds Instagram bug, again; wins Rs. 7 lakh

    A Chennai-based security researcher was awarded $10,000 (Rs. 7.18 lakh) for discovering a bug on the photo/video sharing application, Instagram. According to reports, the researcher, Laxman Muthiyah, pointed out a new account takeover vulnerability on Instagram, which allowed anyone to hack into a user's Instagram account without consent. Muthiyah was awarded as part of Instagram's bug bounty program. Here's more about the development.

    2/6

    What was the bug?

    In a blog post, Muthiyah detailed how someone could exploit the bug to hack several users' Instagram accounts. He discovered that the same device ID - a unique identifier used by the Instagram server to validate password reset codes- can be used to generate multiple passcodes of different users. He added that anyone can hack a million accounts with 100% success rate, exploiting the bug.

    3/6

    Anyone could hack million accounts by requesting million 6-digit-long passcodes

    The 6-digit long passcodes have only one million different probabilities. Accordingly, by requesting passcodes for 1 million users, anyone can hack all 1 million accounts by incrementing the passcodes one-by-one, given the attack happens within 10 minutes (reset passcodes are only valid for 10 minutes).

    4/6

    Facebook has since fixed the bug, thanked the techie

    After Muthiyah pointed out the bug, Facebook fixed the error, and thanked him. It said that it looked forward to more such reports from him in the future, as it helped strengthen the social network's security. Facebook sent a letter to Muthiyah, saying, "You identified insufficient protections on a recovery endpoint, allowing an attacker to generate numerous valid nonces to ten attempt recovery."

    5/6

    "I thank Facebook security team for rewarding me"

    In the blog post, Muthiyah wrote, "Facebook and Instagram security team fixed the issue and rewarded me $10,000 as a part of their bounty program." He added, "I thank Facebook security team for rewarding me through their bug bounty program."

    6/6

    Muthiyah hacked Instagram once before too; had won Rs. 21L

    Last month, too, Muthiyah had found a similar vulnerability on Instagram, which left accounts prone to hacking. This account takeover vulnerability was also related to new password requests. Initially, Facebook was unable to reproduce the attack, but after Muthiyah convinced them that the attack is feasible through "a few emails and solid proof of concept video," he was awarded $30,000 (roughly Rs. 21.6 lakh).

    Facebook
    Whatsapp
    Twitter
    Linkedin
    Related News
    Chennai
    Facebook
    Instagram
    Technology

    Chennai

    Engineer made 600 women send nudes for 5-star hotel job Hyderabad
    No confusion about consequences of scrapping Article 370: Amit Shah India
    7-year-old with rare condition has 526 teeth removed from jaw Tamil Nadu
    How MP Vijay Kumar's been helping CA-aspirants realize their dreams Pranab Mukherjee

    Facebook

    WhatsApp for Android, iOS to get these new features soon iOS
    Now, you can see what information websites/apps share with Facebook South Korea
    #Rebranding: WhatsApp gets 'WhatsApp from Facebook' tag Instagram
    Facebook paid people to listen, transcribe Messenger calls WhatsApp

    Instagram

    Sonam Kapoor has iodine deficiency: Here's how to prevent it Bollywood
    My marriage didn't end because of cheating, clarifies Miley Cyrus Miley Cyrus
    Gen Z members are making resumes like Instagram, Tinder profiles Ohio
    Now, get paid for finding apps which abuse Instagram data Security

    Technology

    PewDiePie hits 100 million subscribers on YouTube; congratulations pour in YouTube
    #CareerBytes: Want to join ISRO? Here's everything you should know India
    Now, cops can use this device to catch stoned drivers TechCrunch
    Love coffee? This robot makes 100 cups in an hour United States of America
    Next News Article

    Love India News?

    Subscribe to stay updated.

    India Thumbnail
    Indian Premier League (IPL) Celebrity Hollywood Bollywood UEFA Champions League Tennis Football Smartphones Cryptocurrency Upcoming Movies Premier League Cricket News Latest automobiles Latest Cars Upcoming Cars Latest Bikes Upcoming Tablets
    About Us Privacy Policy Terms & Conditions Contact Us Ethical Conduct Grievance Redressal News News Archive Topics Archive Download DevBytes Find Cricket Statistics
    Follow us on
    Facebook Twitter Linkedin
    All rights reserved © NewsBytes 2023