Security researcher Laxman Muthiyah just hit a jackpot that is worth all of $30,000! This, after he spotted a flaw in the Facebook owned photo-sharing application Instagram, as a part of a bug bounty program. The bug is alleged to have allowed attackers or hackers to break into user's accounts of the social networking platform. 

COMMERCIAL BREAK
SCROLL TO CONTINUE READING

The Indian security researcher stated that platform's vulnerability allowed him to hack into any Instagram account without any consent or permission. He states that one can take over another person's account by triggering a password reset, requesting a recovery code, or quickly trying out possible recovery codes against the account.

Laxman Muthiyah had reported the vulnerability to the Facebook security team. However, they were unable to act on it due to lack of information in Muthiyah's report. Post several email and proof of concept, he was able to to convince them that the attack is resolvable. 

Paul Ducklin, Senior Technologist at cyber security major Sophos, commented that the problem notified by Muthiyah no longer exists. However, he has warned the users should get familiar with getting control of their social media accounts, in case their account gets hacked. In other words, he recommends that if there are documents or usage history that can help your case, keep them handy. 

Laxman Muthiyah not only identified a data deletion error but also a data disclosure bug on Facebook. The first bug could zap users photos without password while the second tricked you to install a mobile application that could toss and turn your Facebook data without giving access to the account. 

Ducklin commented that Laxman Muthiyah found those holes in compliance with Facebook`s Bug Bounty program, and he disclosed them responsibly to Facebook. He stated that with his report, Facebook was able to fix the problem before the bug hit the public forum, by patching the bugs.