Facebook has awarded $30,000 to an Indian hacker for discovering a security bug in the Instagram application.
The bug allowed anyone to view a user's posts, stories, reels and IGTV without following that user, even if the content was private.
Facebook has now resolved the issue. Had it not been fixed, the bug would have allowed hackers to illegally access users’ private photos and videos without following them.
Mayur Fartade, who lives in Solapur, Maharashtra state, India, and has skills in C++ and Python, discovered a bug that allowed hackers to use a Media ID to view a user's posts, stories, reels and IGTV without following that user, even if the user had made them private.
He explained in a detailed Medium post that an attacker could also store photos, videos, and details about specific media using Media IDs.
“User data may be improperly read. An attacker can regenerate valid cdn urls of archived stories and posts. In addition, with Media ID, an attacker can store detailed information about specific media and filters, which are both private and stored,” Fartade shared.
Information obtained from Instagram may also be used to access Facebook pages associated with an Instagram account.
Fartade first reported the Instagram bug on April 16. Three days later he received a response from Facebook asking him for more information. On April 29, Facebook patched this security hole. On June 15, he received a bounty of $30,000.
In a letter to Fartade, Facebook thanked him for the discovery: “After reviewing the matter, we have decided to award you a bounty of $30,000… Your report highlights a possible scenario for allowing hackers to view targeted media on Instagram. This script will require the attacker to know the specific media ID. We have fixed this problem. Thank you again for this discovery. We look forward to more discoveries in the near future!”
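The condition in Facebook's letter, that knowing a specific media ID was enough to get the media back, is the signature of a missing object-level authorization check. The Python sketch below is an added illustration, not Instagram's code or anything from Fartade's report; the account model, the visibility rule, the function names and the cdn.example URLs are all constructed assumptions.

```python
from dataclasses import dataclass

# Constructed model for illustration only (not Instagram's data model or API).
@dataclass
class Account:
    name: str
    private: bool = False
    followers: frozenset = frozenset()

@dataclass
class Media:
    media_id: str
    owner: Account
    cdn_url: str
    archived: bool = False

def can_view(viewer, media):
    """Assumed visibility rule, evaluated on every lookup."""
    if viewer == media.owner.name:
        return True                 # owners see their own media, archived or not
    if media.archived:
        return False                # archived media is owner-only
    return (not media.owner.private) or viewer in media.owner.followers

def media_info_unchecked(store, viewer, media_id):
    """Flawed pattern: a valid ID is treated as permission; viewer is ignored."""
    m = store[media_id]
    return {"id": m.media_id, "owner": m.owner.name, "url": m.cdn_url}

def media_info(store, viewer, media_id):
    """Hardened lookup: unknown and forbidden IDs get the same empty answer."""
    m = store.get(media_id)
    if m is None or not can_view(viewer, m):
        return None
    return {"id": m.media_id, "owner": m.owner.name, "url": m.cdn_url}

def leaks(endpoint, store, viewers):
    """Regression check: (viewer, media_id) pairs served against the rule."""
    return sorted((v, mid) for v in viewers for mid, m in store.items()
                  if endpoint(store, v, mid) is not None and not can_view(v, m))

def build_sample_store():
    """Constructed sample: private account 'alice' (follower 'bob'), public 'carol'."""
    alice = Account("alice", private=True, followers=frozenset({"bob"}))
    carol = Account("carol")
    items = [Media("1001", alice, "https://cdn.example/1001.jpg"),
             Media("1002", alice, "https://cdn.example/1002.jpg", archived=True),
             Media("2001", carol, "https://cdn.example/2001.jpg")]
    return {m.media_id: m for m in items}
```

Running `leaks` over every viewer and media pair in a test suite catches any endpoint, including secondary ones, that returns media details without applying the visibility rule.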
Fartade, a 21-year-old computer science student, shared that he tried using Instagram for a week but initially did not find any holes. However, after a closer look at features such as insights and ads, he discovered the bug.
Fartade wants to be a software developer in the future.