Chennai-based security researcher Laxman Muthiyah has discovered a new account takeover vulnerability in Instagram. Barely a month earlier he had spotted a flaw in Facebook and earned $30,000 from the company. This time he found the weakness in the photo and video-sharing app and received a $10,000 reward. Both payouts came through the social network’s bug bounty programme.
What was the vulnerability spotted by Laxman Muthiyah?
Mr. Laxman Muthiyah found that Instagram accounts were exposed to a flaw that allowed them to be taken over without the owner’s consent. This vulnerability is similar to the one he reported in July.
Facebook has now fixed the flaw that Laxman Muthiyah reported.
He found that the device ID, the unique identifier the Instagram server uses to validate password reset codes, could be reused: the same device ID could be used to request reset passcodes for many different users. Muthiyah demonstrated to the security team that this behaviour could be used to hijack Instagram accounts.
Facebook informed Muthiyah in a letter that, “You identified insufficient protections on a recovery endpoint.” This could allow an attacker to generate numerous valid nonces to then attempt recovery.
Mr Muthiyah said in a blog post that, “Facebook and Instagram security team fixed the issue and rewarded me $10,000 as a part of their bounty programme.”
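The weakness described above comes down to two server-side controls on a recovery endpoint: a reset code must be bound to the account and device it was issued for, and one device must not be able to accumulate an unlimited number of live codes for different users. The following is an added example, written for this page and not Instagram’s or Facebook’s code; the `RecoveryService` class, its parameters and the `weak` flag are hypothetical, and it models the issue in a toy in-memory service so the difference between the weak and the hardened configuration can be exercised directly.

```python
import secrets
import time
from dataclasses import dataclass


@dataclass
class RecoveryNonce:
    """One outstanding password-recovery code, bound to an account and a device."""
    account: str
    device_id: str
    code: str
    issued_at: float
    failed_attempts: int = 0


class RecoveryService:
    """Toy model of a recovery endpoint (constructed for this example).

    weak=True  : a device may hold any number of outstanding codes for
                 different accounts, a code is not tied to the requesting
                 device, and wrong guesses are never capped (the kind of
                 missing protection the article describes).
    weak=False : a device may hold at most max_per_device live codes, a code
                 is only accepted from the device that requested it, expires
                 after ttl seconds, and is burned after max_attempts wrong guesses.
    """

    def __init__(self, weak=False, max_per_device=3, max_attempts=5, ttl=600):
        self.weak = weak
        self.max_per_device = max_per_device
        self.max_attempts = max_attempts
        self.ttl = ttl
        self._nonces = {}  # account -> RecoveryNonce (one live code per account)

    def _purge_expired(self, now):
        expired = [a for a, n in self._nonces.items() if now - n.issued_at > self.ttl]
        for account in expired:
            del self._nonces[account]

    def outstanding_for_device(self, device_id):
        """How many live codes were requested from this device ID."""
        return sum(1 for n in self._nonces.values() if n.device_id == device_id)

    def request_code(self, account, device_id, now=None):
        """Issue a 6-digit code for `account`; returns None when the request is refused."""
        now = time.time() if now is None else now
        self._purge_expired(now)
        if not self.weak and self.outstanding_for_device(device_id) >= self.max_per_device:
            return None  # one device cannot farm codes for many accounts
        code = f"{secrets.randbelow(10**6):06d}"
        # Re-issuing replaces any earlier code, so there is one live code per account.
        self._nonces[account] = RecoveryNonce(account, device_id, code, now)
        return code

    def verify(self, account, device_id, code, now=None):
        """True only if `code` is the live code for `account`, presented from the right device."""
        now = time.time() if now is None else now
        self._purge_expired(now)
        nonce = self._nonces.get(account)
        if nonce is None:
            return False
        if not self.weak and nonce.device_id != device_id:
            return False  # code was not issued to this device
        if secrets.compare_digest(nonce.code, code):
            del self._nonces[account]  # single use
            return True
        nonce.failed_attempts += 1
        if not self.weak and nonce.failed_attempts >= self.max_attempts:
            del self._nonces[account]  # burn the code; the user must request a new one
        return False
```

With `weak=True` the service happily issues a live code for every account requested from one device ID, which is the condition the researcher reported; with the defaults, the fourth request from the same device is refused, a code presented from a different device is rejected, and a code is discarded after a handful of wrong guesses or after its time-to-live. In a real deployment the counters would live in shared storage rather than a dictionary, and the per-account attempt cap would be paired with a per-IP or per-device rate limit.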
A few common questions about the social network’s bug bounty programme:
Why is there a bug bounty program?
A bug bounty program gives individuals a channel for reporting bugs, especially those concerning exploits and vulnerabilities. Through such programs many websites, organisations and software developers offer recognition and compensation to the people who report them.
How much do bug bounty hunters make?
Approximately 12 per cent of ethical hackers using HackerOne earn at least $20,000 annually from bug bounty programs. Around 3 per cent of hackers make more than $100,000 annually, and 1.1 per cent make more than $350,000, according to a report.
Which is the biggest ethical hacker community in the world?
HackerOne is the biggest hacker community in the world. It is a platform that connects penetration testers and cyber-security researchers with businesses. The testers and researchers find bugs in companies’ software, websites and online platforms, help get them fixed and earn money for doing so.
What are bugs in software testing?
A software bug is an error, flaw or failure in a computer program or system that causes it to produce an unwanted result, such as an incorrect output, or to behave in unintended ways.