Published on August 27th, 2019 📆 | 5605 Views ⚑0
Chennai Researcher Wins $10,000 For Finding Vulnerability In Instagram Again
Last month, it was reported that a Chennai-based researcher named Laxman Muthiyah received a reward of $30,000 (Rs. 21.6 lakhs) from Facebook for spotting a bug in Instagram. Now, on Monday he revealed that he has discovered a new vulnerability which will make it easier for hackers to get access of anyone’s account. This time he won $10,000 which is approx Rs. 7.2 lakhs as a part of a bug bounty program.
Back in July, Muthiyah spotted a similar bug which allows anyone to get access to any Instagram account without any permission. However, no need to worry because Facebook developers have taken care of the bug and the image and video sharing app is now safe to use.
“Facebook and Instagram security team fixed the issue and rewarded me $10000 as a part of their bounty programme,” Muthiyah said in a blog post.
In his research, Muthiyah found that the unique identifier used by the social media server to validate password reset codes, can also be used for requesting multiple passcodes for different users.
“You identified insufficient protections on a recovery endpoint, allowing an attacker to generate numerous valid nonces to ten attempt recovery,” Facebook said in a letter to Muthiyah.
Last month, Muthiyah spotted a bug which allows hacked to get access to any Instagram account by triggering a password reset.
“I reported the vulnerability to the Facebook security team and they were unable to reproduce it initially due to lack of information in my report. After a few email and proof of concept video, I could convince them the attack is feasible,” Muthiyah wrote in a blog post.
Under the bug bounty program Muthiyah has already won around Rs. 28.8 lakhs. Let’s see what else he is going to discover next and how much will he earn from the bug bounty program.
Best Mobiles in India
You have already subscribed