Thursday February 20, 2020

Chennai Techie Wins $10,000 After Finding Flaw in Instagram

He showed that this vulnerability can be exploited to hack Instagram accounts

Facebook, Messenger and Instagram apps are displayed on an iPhone, March 13, 2019, in New York. VOA

Barely a month after winning $30,000 from Facebook for spotting a flaw in Instagram, Chennai-based security researcher Laxman Muthiyah on Monday said he again discovered a new account takeover vulnerability on the photo and video-sharing app. This time he has won $10,000 as part of the social network’s bug bounty programme.

The new vulnerability that Muthiyah spotted was similar to the one he reported in July and allowed anyone to hack Instagram accounts without permission.

Facebook has now fixed the vulnerability that Muthiyah reported.

“Facebook and Instagram security team fixed the issue and rewarded me $10000 as a part of their bounty programme,” Muthiyah said in a blog post.

FILE – The Instagram icon is displayed on a mobile screen in Los Angeles. VOA

Muthiyah found that the same device ID – the unique identifier used by the Instagram server to validate password reset codes – can be used to request multiple passcodes for different users.


He showed that this vulnerability can be exploited to hack Instagram accounts.

“You identified insufficient protections on a recovery endpoint, allowing an attacker to generate numerous valid nonces to then attempt recovery,” Facebook said in a letter to Muthiyah. (IANS)
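The report describes the flaw only at a high level: one device ID could request reset codes for many different users. As an added illustration (not Instagram's or Facebook's code, and not taken from the researcher's write-up), the sketch below shows one server-side control for that pattern: cap how many distinct accounts a device ID may request codes for, and accept a code only for the account and device ID it was issued to. The class name, the thresholds and the 6-digit code format are assumptions.

```python
import hmac
import secrets

CODE_TTL = 600            # seconds a reset code stays valid (assumed value)
MAX_USERS_PER_DEVICE = 3  # distinct accounts per device ID per window (assumed value)
DEVICE_WINDOW = 3600      # length of that window in seconds (assumed value)
MAX_ATTEMPTS = 5          # wrong guesses allowed before a code is burned (assumed value)


class RecoveryGuard:
    """Hypothetical server-side store for password-reset codes."""

    def __init__(self):
        self._codes = {}    # (user, device_id) -> [code, expires_at, failed_attempts]
        self._devices = {}  # device_id -> {user: time of last request}

    def request_code(self, user, device_id, now):
        """Issue a 6-digit code, or return None if the device ID is over its account cap."""
        seen = self._devices.setdefault(device_id, {})
        # Forget accounts this device last asked about outside the window.
        for stale in [u for u, t in seen.items() if now - t >= DEVICE_WINDOW]:
            del seen[stale]
        if user not in seen and len(seen) >= MAX_USERS_PER_DEVICE:
            return None  # one device ID fanning out across accounts: refuse
        seen[user] = now
        code = f"{secrets.randbelow(10**6):06d}"
        self._codes[(user, device_id)] = [code, now + CODE_TTL, 0]
        return code

    def verify(self, user, device_id, guess, now):
        """Accept a code only for the (user, device ID) pair it was issued to."""
        key = (user, device_id)
        entry = self._codes.get(key)
        if entry is None:
            return False
        code, expires_at, failed = entry
        if now >= expires_at or failed >= MAX_ATTEMPTS:
            del self._codes[key]  # expired or guessed too often: burn it
            return False
        if hmac.compare_digest(code, guess):
            del self._codes[key]  # single use
            return True
        entry[2] += 1
        return False
```

Refused requests are also a useful detection signal: a device ID that repeatedly hits the account cap is worth logging and alerting on.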


Facebook Removes Fake Accounts From Russia, Iran, Vietnam and Myanmar

Facebook purges more fake accounts from Russia, Iran


Facebook has removed three networks of accounts, Pages and Groups for engaging in foreign or government interference on Facebook and Instagram that originated in Russia, Iran, Vietnam and Myanmar.

The first operation originated in Russia and primarily targeted Ukraine and its neighbouring countries, and the second originated in Iran and focused mainly on the US.

“The third network originated in Myanmar and Vietnam and targeted audiences in Myanmar. Each of them created networks of accounts to mislead others about who they were and what they were doing,” Nathaniel Gleicher, Head of Security Policy, said in a blog post late Wednesday.

Facebook removed 78 accounts, 11 Pages, 29 Groups and four Instagram accounts in Russia for violating its policy against foreign or government interference.


Some of these accounts represented themselves as citizen journalists and tried to contact policymakers, journalists and other public figures in the region.

“Although the people behind this network attempted to conceal their identities and coordination, our investigation found links to Russian military intelligence services,” said Gleicher.

Facebook also removed 6 Facebook accounts and 5 Instagram accounts that were involved in foreign interference as part of a small network originating in Iran that primarily focused on the US.

They shared posts about political news and geopolitics including topics like the US elections, Christianity, US-Iran relations, US immigration policy, criticism of US policies in the Middle East and public figures.

“Finally, we removed 13 Facebook accounts and 10 Pages for violating our policy against coordinated inauthentic behaviour. This Myanmar-focused activity originated in Myanmar and Vietnam,” said the company.


The individuals behind this network used fake accounts to manage Pages posing as independent telecom consumer news hubs. They also purported to be customers of some of the telecom providers in Myanmar posting critical commentary about those companies and their services.

The investigation found links to two telecom providers — Mytel in Myanmar and Viettel in Vietnam, and Gapit Communications, a PR firm in Vietnam. (IANS)