A Chennai based security researcher has hit gold for finding a flaw in the famous photo sharing app Instagram, reports NDTV.
Laxman Muthiyah won $30,000 or ₹20,64,532 as part of a bug bounty programme for finding a vulnerability in the app, which allowed him to hack any Instagram account without the account holder’s permission.
He claimed he could take over any account by simply triggering a password reset, requesting a recovery code, or by quickly trying out multiple recovery codes against the account.
He added in his blog:
I reported the vulnerability to the Facebook security team and they were unable to reproduce it initially due to lack of information in my report. After a few email and proof of concept video, I could convince them that the attack is feasible.
Muthiyah not only found a data deletion flaw on Instagram, but also found a data disclosure bug on Facebook. For this, he was rewarded $30,000 by Facebook and Instagram’s security team.
The bug that Muthiyah had spotted no longer exists and the Tamil Nadu researcher was hailed for hacking the accounts ethically in compliance with Facebook’s Bug Bounty programme.
He disclosed the bugs responsibly to the respective agencies, nullifying the threat on millions of Instagram accounts that were earlier prone to being hacked.