Wednesday, Sep 29, 2021 | Last Update : 07:00 AM IST

  Technology   In Other news  27 Aug 2019  Instagram awards Chennai techie with 10,000 dollars for spotting vulnerability

Instagram awards Chennai techie with 10,000 dollars for spotting vulnerability

THE ASIAN AGE.
Published : Aug 27, 2019, 9:23 am IST
Updated : Aug 27, 2019, 9:23 am IST

Laxman Muthiya, a tech enthusiast, had also won USD 30,000 just a month ago for pointing out another vulnerability for Facebook.

The security flaw basically allowed attackers to hack Instagram accounts without permission.
 The security flaw basically allowed attackers to hack Instagram accounts without permission.

Laxman Muthiyah, a techie from Chennai, the capital of Tamil Nadu, India recently discovered a new account takeover vulnerability on Instagram, the photo and video sharing application. He won a sum of USD 10,000 as part of the app’s bug bounty programme.

The security flaw basically allowed attackers to hack Instagram accounts without permission.

 

Muthiyah had also won USD 30,000 just a month ago in July when he shed light on another security vulnerability for Facebook, the same parent company.

"Facebook and Instagram security team fixed the issue and rewarded me USD 10000 as a part of their bounty programme," said Muthiyah in a blog post.

Muthiyah had discovered that the same device ID that Instagram uses to validate password resets, could also be used to request more than one passcodes of various users.

"You identified insufficient protections on a recovery endpoint, allowing an attacker to generate numerous valid nonces to ten attempt recovery," said Facebook in a letter to Muthiyah. The company has since fixed the issue.

 

Tags: chennai, instagram, facebook