Facebook has awarded Laxman Muthiyah, a Tamil Nadu-based security researcher, $30,000 under its bug bounty program for spotting a major flaw in its photo-sharing app, Instagram. The researcher said that the vulnerability allowed him to “hack any Instagram account without consent permission.”
The security researcher asserted that anyone’s Instagram account could easily be hacked by just triggering a password reset and requesting a recovery code. “I reported the vulnerability to the Facebook security team and they were unable to reproduce it initially due to lack of information in my report. After a few emails and a proof of concept video, I could convince them the attack is feasible,” Muthiyah wrote in a blog post.
He further said that the security teams of Facebook and Instagram resolved the issue and awarded him $30,000 as a part of the social giant’s bounty program. Paul Ducklin, Senior Technologist at cybersecurity major Sophos, however, warned that while the vulnerability found by Muthiyah no longer exists, users should familiarise themselves with the process of getting back control of their social media accounts, in case they get hacked.
“In case any of your accounts do get taken over, familiarise yourself with the process you’d follow to win them back. In particular, if there are documents or usage history that might help your case, get them ready before you get hacked, not afterwards,” Ducklin said. This is not the first time that Muthiyah has spotted a flaw. He earlier identified a data deletion flaw as well as a data disclosure bug on Facebook.
“To be clear: he found those holes in compliance with Facebook’s Bug Bounty programme, and he disclosed them responsibly to Facebook,” Ducklin said. “As a result, Facebook was able to fix the problems before the bugs became public, and (as far as anyone knows) these bugs were patched before anyone else found them,” he remarked.
Separately, in June, the social media giant awarded a 22-year-old engineer from Manipur for detecting a bug in WhatsApp. Facebook reportedly gave Zonel Sougaijam $5000 (approximately Rs 3.4 lakh) for spotting the flaw in the company’s messaging app. The company also added him to the “Facebook Hall of Fame 2019.” The list so far has 96 people recognised for “making a responsible disclosure” to Facebook.
– With inputs from IANS