Newsbytes
  • India
  • Business
  • World
  • Politics
  • Sports
  • Science
  • Entertainment
  • Auto
  • Lifestyle
  • Inspirational
  • Career
  • Bengaluru
  • Delhi
  • Mumbai
  • Videos
  • Find Cricket Statistics
Hindi
More
Newsbytes
Hindi
Newsbytes
User Placeholder

Hi,

Logout


India
Business
World
Politics
Sports
Science
Entertainment
Auto
Lifestyle
Inspirational
Career
Bengaluru
Delhi
Mumbai
Videos
Find Cricket Statistics

More Links
  • Videos

Download Android App

Follow us on
  • Facebook
  • Twitter
  • Linkedin
  • Youtube
 
Home / News / India News / Chennai techie finds Instagram bug, again; wins Rs. 7 lakh
  • India

    Chennai techie finds Instagram bug, again; wins Rs. 7 lakh

    Siddhant Pandey
    Written by
    Siddhant Pandey
    Twitter
    Last updated on Aug 27, 2019, 12:28 pm
    Chennai techie finds Instagram bug, again; wins Rs. 7 lakh
  • A Chennai-based security researcher was awarded $10,000 (Rs. 7.18 lakh) for discovering a bug on the photo/video sharing application, Instagram.

    According to reports, the researcher, Laxman Muthiyah, pointed out a new account takeover vulnerability on Instagram, which allowed anyone to hack into a user's Instagram account without consent.

    Muthiyah was awarded as part of Instagram's bug bounty program.

    Here's more about the development.

  • In this article
    What was the bug? Anyone could hack million accounts by requesting million 6-digit-long passcodes Facebook has since fixed the bug, thanked the techie "I thank Facebook security team for rewarding me" Muthiyah hacked Instagram once before too; had won Rs. 21L
  • Details

    What was the bug?

    What was the bug?
  • In a blog post, Muthiyah detailed how someone could exploit the bug to hack several users' Instagram accounts.

    He discovered that the same device ID - a unique identifier used by the Instagram server to validate password reset codes- can be used to generate multiple passcodes of different users.

    He added that anyone can hack a million accounts with 100% success rate, exploiting the bug.

  • Information

    Anyone could hack million accounts by requesting million 6-digit-long passcodes

  • The 6-digit long passcodes have only one million different probabilities. Accordingly, by requesting passcodes for 1 million users, anyone can hack all 1 million accounts by incrementing the passcodes one-by-one, given the attack happens within 10 minutes (reset passcodes are only valid for 10 minutes).

  • Response

    Facebook has since fixed the bug, thanked the techie

    Facebook has since fixed the bug, thanked the techie
  • After Muthiyah pointed out the bug, Facebook fixed the error, and thanked him.

    It said that it looked forward to more such reports from him in the future, as it helped strengthen the social network's security.

    Facebook sent a letter to Muthiyah, saying, "You identified insufficient protections on a recovery endpoint, allowing an attacker to generate numerous valid nonces to ten attempt recovery."

  • Quote

    "I thank Facebook security team for rewarding me"

  • In the blog post, Muthiyah wrote, "Facebook and Instagram security team fixed the issue and rewarded me $10,000 as a part of their bounty program." He added, "I thank Facebook security team for rewarding me through their bug bounty program."

  • History

    Muthiyah hacked Instagram once before too; had won Rs. 21L

    Muthiyah hacked Instagram once before too; had won Rs. 21L
  • Last month, too, Muthiyah had found a similar vulnerability on Instagram, which left accounts prone to hacking.

    This account takeover vulnerability was also related to new password requests.

    Initially, Facebook was unable to reproduce the attack, but after Muthiyah convinced them that the attack is feasible through "a few emails and solid proof of concept video," he was awarded $30,000 (roughly Rs. 21.6 lakh).

  • Chennai
  • Facebook
  • Instagram
  • Technology
  •  
Latest News
  • US FDA grants emergency use authorization for J&J's COVID-19 vaccine
    US FDA grants emergency use authorization for J&J's COVID-19 vaccine
    World
  • Prince Harry's James Corden interview caused ''disquiet' at Buckingham Palace?
    Prince Harry's James Corden interview caused ''disquiet' at Buckingham Palace?
    Entertainment
  • Samsung Galaxy M31s becomes cheaper; now starts at Rs. 18,500
    Samsung Galaxy M31s becomes cheaper; now starts at Rs. 18,500
    Science
  • 'Baahubali' writer roped in for 'Sita - The Incarnation'
    'Baahubali' writer roped in for 'Sita - The Incarnation'
    Entertainment
  • BS6 Kawasaki Ninja 300's colors and engine details revealed
    BS6 Kawasaki Ninja 300's colors and engine details revealed
    Auto
Related Timelines
  • Instagram vulnerability could have led to account hijacks; now fixed
    Instagram vulnerability could have led to account hijacks; now fixed
    Science
Trending Topics
ISRO Vaccine Farmers Protest
Next News Article
Share
Cancel

Want to share it with your friends too?

Facebook Whatsapp Twitter Linkedin
Copied

Love India news?

Subscribe to stay updated.

India Thumbnail
India News Business News World News Politics News Sports News Science News Entertainment News Auto News Lifestyle News Inspirational News
Career News Bengaluru News Delhi News Mumbai News Bharti Airtel Mukesh Ambani Indian Premier League Samsung Virat Kohli Rohit Sharma
Cricket News YouTube Hollywood News WhatsApp Bollywood News ISRO Yoga Honda Batman Football News
BMW Vaccine Reliance Jio OPPO Food News, Healthy Recipes Royal Challengers Bangalore Toyota Fashion Tips Farmers Protest Mohammed Bin Salman
Mercedes Europa League Isha Ambani India Vs England Cricket OnePlus Mobiles Android TV Smart TV Marvel Comics Avengers Neha Kakkar
Premier League Big Bang Theory X-Men TATA
About Us Privacy Policy Terms & Conditions Contact Us News Reviews News Archive Topics Archive Find Cricket Statistics
Follow us on
Facebook Twitter Linkedin Youtube
All rights reserved © NewsBytes 2021