
    Instagram bug finder from Chennai awarded $10,000 by Facebook


    By Anay Mridul   IST (Published)

    Instagram parent Facebook has awarded Chennai-based security researcher Laxman Muthiyah a bounty of $10,000 for spotting a flaw on Instagram, just a month after paying him $30,000 for finding a similar bug.

    In July, Muthiyah, a white hat hacker, discovered a vulnerability in Instagram’s security that allowed him to hack any account without consent. Via his hacking blog The Zero Hack, he explained how it was possible to take over someone’s Instagram account by triggering a password reset, requesting a recovery code, or quickly entering possible recovery codes against the account.
    Facebook, which acquired Instagram in 2012, recognised and fixed the issue, giving him a payoff of $30,000 (about Rs 21.5 lakh) as part of its bug bounty programme.
    Now, in a new blog post, Muthiyah — who is a computer engineering graduate from Sri Venkateshwara College of Engineering and Technology in Andhra Pradesh — has documented a similar issue in the photo-sharing app.
    Explaining the defect, he said that the same device ID — the unique identifier Instagram servers use to validate codes for password resets — can be used to request multiple passcodes for different users. This, he said, could potentially be exploited to hack accounts.
    In a letter to Muthiyah, the California-based social media giant wrote: “You identified insufficient protections on a recovery endpoint, allowing an attacker to generate numerous valid nonces to then attempt recovery.” They awarded him $10,000 (about Rs 7.2 lakh) for identifying the bug.
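The kind of protection the letter says was missing can be sketched on the defender's side. The following is an added example, not Instagram's or Muthiyah's code: a hypothetical in-memory issuer that binds each recovery code to one device ID and account, caps how many accounts a single device ID may hold live codes for, and limits wrong guesses. The class name, the limits and the 6-digit code format are all assumptions.

```python
import hmac
import secrets
import time

# All limits below are assumed values for illustration.
CODE_TTL = 600               # seconds a recovery code stays valid
MAX_ACCOUNTS_PER_DEVICE = 3  # accounts one device ID may hold live codes for
MAX_ATTEMPTS = 5             # wrong guesses allowed per (device, account)

class RecoveryCodes:
    """Hypothetical in-memory issuer; a real service would use shared storage."""

    def __init__(self, now=time.time):
        self.now = now
        self.live = {}  # (device_id, account) -> [code, expires_at, attempts_left]

    def _purge(self):
        t = self.now()
        self.live = {k: v for k, v in self.live.items() if v[1] > t}

    def request_code(self, device_id, account):
        """Return a 6-digit code, or None when the request is refused."""
        self._purge()
        key = (device_id, account)
        held = {a for (d, a) in self.live if d == device_id}
        if account not in held and len(held) >= MAX_ACCOUNTS_PER_DEVICE:
            return None  # this device already holds codes for too many accounts
        attempts = self.live[key][2] if key in self.live else MAX_ATTEMPTS
        if attempts <= 0:
            return None  # locked out until the burned entry expires
        code = f"{secrets.randbelow(10**6):06d}"
        # Reissuing keeps the remaining attempt budget, so it cannot be reset.
        self.live[key] = [code, self.now() + CODE_TTL, attempts]
        return code

    def verify(self, device_id, account, guess):
        """Accept a code only for the device and account it was issued to."""
        self._purge()
        entry = self.live.get((device_id, account))
        if entry is None or entry[2] <= 0:
            return False
        if hmac.compare_digest(entry[0].encode(), guess.encode()):
            del self.live[(device_id, account)]  # single use
            return True
        entry[2] -= 1  # wrong guess: spend budget; at zero the entry stays as a lock
        return False
```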
    Facebook’s bug bounty scheme is part of a larger effort by technology companies to discover flaws in their programming, servers and security measures. They encourage friendly, ‘white hat’ hackers across the globe to find these issues, and act accordingly to fix them. Since introducing its programme in 2011, Facebook has paid out a total of $7.5 million in bug bounties.
    Recently, Apple came under the spotlight after expanding its bounty to up to $1.5 million for vulnerabilities in the iPhone’s operating system, iOS.