Instagram bug could have allowed anyone to take over your account
Do you remember the name Laxman Muthiyah?
We certainly do, because we’ve written about his bug-hunting work before – for example, he’s uncovered not only a data deletion flaw but also a a data disclosure bug on Facebook.
The first bug meant he could have zapped all your photos without knowing your password; the second meant that he could have tricked you into installing an innocent-looking mobile app that could riffle through all your Facebook pictures without being given access to your account.
To be clear: he found those holes in compliance with Facebook’s Bug Bounty program, and he disclosed them responsibly to Facebook.
As a result, Facebook was able to fix the problems for everyone before the bugs became public, and (as far as anyone knows) these bugs were patched before anyone else found them.
Comments are closed.