INSTAGRAM recently patched up a critical security flaw that could have resulted in accounts being hacked even if the users hadn’t interacted with the cyber criminal.
A ‘bug bounty hunter’ has detailed on his YouTube channel how the critical vulnerability could be exploited, showing how a remote attacker could reset the password for any Instagram account and take full control.
Laxman Muthiyah found the bug and reported it to Instagram.
He then demonstrated to his followers how the password recovery mechanism on the Instagram mobile app could have once allowed hackers to gain access to an account.
This password recovery feature sends a six-digit secret code with a 10-minute expiry to the mobile number or email address associated with the account, which the user then enters to regain access.
Unfortunately, a six-digit code has only one million possible combinations, which meant any account could be unlocked by a hacker who got around the rate limit Instagram had set up to prevent such attacks. That limit could be bypassed by sending the brute force requests from many different IP addresses.
In his YouTube video, Muthiyah demonstrates trying 200,000 different passcode combinations at the same time without getting blocked.
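As an added illustration (not Instagram's code and not taken from Muthiyah's report), the simulation below shows why a guess limit counted per source IP fails when guesses are spread across many addresses, while a limit tied to the issued code holds. The per-IP cap of 200, the 1,000 sources and the per-code cap of 5 are assumed values, chosen so the total matches the 200,000 attempts shown in the video.

```python
import hmac
import secrets
from collections import Counter

CODE_SPACE = 10**6    # six-digit code (from the article)
CODE_TTL = 600        # 10-minute expiry in seconds (from the article)
PER_IP_LIMIT = 200    # assumed cap on guesses per source IP
PER_CODE_LIMIT = 5    # assumed cap on guesses per issued code


class ResetCode:
    """One issued recovery code with per-IP and optional per-code throttling."""

    def __init__(self, now, per_code_cap=None):
        self.code = f"{secrets.randbelow(CODE_SPACE):06d}"
        self.expires = now + CODE_TTL
        self.per_code_cap = per_code_cap  # None = per-IP throttling only
        self.by_ip = Counter()
        self.total = 0
        self.evaluated = 0  # guesses that were actually compared to the code

    def verify(self, guess, ip, now):
        if now >= self.expires:
            return False  # code has expired
        self.by_ip[ip] += 1
        self.total += 1
        if self.by_ip[ip] > PER_IP_LIMIT:
            return False  # this source is throttled
        if self.per_code_cap is not None and self.total > self.per_code_cap:
            return False  # code is burned; a new one must be requested
        self.evaluated += 1
        return hmac.compare_digest(guess, self.code)  # constant-time compare


def evaluated_fraction(per_code_cap, sources=1000, per_source=200):
    """Share of the code space the limiter lets through in one code lifetime."""
    rc = ResetCode(now=0, per_code_cap=per_code_cap)
    for s in range(sources):  # constructed source labels, not real addresses
        for _ in range(per_source):
            rc.verify("000000", f"src-{s}", now=1)  # only counting, not guessing
    return rc.evaluated / CODE_SPACE


if __name__ == "__main__":
    print("per-IP limit only :", evaluated_fraction(None))
    print("per-code limit too:", evaluated_fraction(PER_CODE_LIMIT))
```

With only the per-IP limit, a fifth of the code space gets evaluated inside a single 10-minute window; with the per-code cap, five guesses do, no matter how many sources are used.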
He received a $30,000 reward from Instagram as part of the company’s bug bounty program.
Although Instagram has now fixed this bug, users are still strongly advised to activate two-factor authentication, which makes it much harder for hackers to get into an account.