
Instagram Flaw Exposed Millions to Potential Hacking

Vulnerability Could Have Allowed Hackers to Compromise Accounts Without Interaction from Victims.

Facebook recently awarded Indian hacker Laxman Muthiyah 30k for finding a security flaw in Instagram that could have let attackers take over accounts without any cooperation or interaction from the targeted victim.

The vulnerability was in the password recovery system. Muthiyah discovered that attackers could abuse the password reset feature, which normally helps people who have forgotten or lost their password regain access to their accounts.

According to www.technadu.com:

When a user asks for a password reset, Instagram sends a six-digit passcode to their mobile phone or registered email account, which expires in ten minutes. This is something like a two-factor authentication step that helps the platform affirm that it is the real holder who is asking for the password reset. The hacker has figured out that if he sent thousands of simultaneous password reset requests from different IP addresses, he could leverage a race condition and bypass the authentication step. Going from theory to practice, Muthiyah used 1000 different IPs to send 200k requests, just to make his point to Facebook’s security team.

Instagram has become the go-to social media platform for pop-culture influencers, and the value of perceived endorsements from high-profile users could have made this a highly profitable cybercrime for hackers.
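For defenders, the reset flow quoted above comes down to where the attempt counter lives. The sketch below is an added example, not code from the article, Muthiyah or Instagram. It assumes a weak design that counts guesses per source IP without locking, and contrasts it with a budget tied to the issued code and updated atomically. All names, the MAX_ATTEMPTS value and the 198.51.100.x addresses are constructed for illustration.

```python
import secrets
import threading
import time
from concurrent.futures import ThreadPoolExecutor

CODE_TTL = 600     # seconds; the ten-minute expiry described in the article
MAX_ATTEMPTS = 5   # assumed attempt budget; the page gives no figure

class ResetChallenge:
    """One issued six-digit code. scope='ip' models the assumed weak design,
    scope='code' the hardened one (budget bound to the code, updated under a lock)."""
    def __init__(self, scope):
        self.scope = scope
        self.code = f"{secrets.randbelow(10**6):06d}"
        self.expires = time.monotonic() + CODE_TTL
        self.attempts = {}             # counter key -> guesses already allowed
        self.lock = threading.Lock()

    def _consume(self, key):
        if self.attempts.get(key, 0) >= MAX_ATTEMPTS:
            return False
        self.attempts[key] = self.attempts.get(key, 0) + 1
        return True

    def verify(self, ip, guess):
        """Return 'blocked', 'wrong' or 'ok'."""
        if time.monotonic() > self.expires:
            return "blocked"
        if self.scope == "ip":
            allowed = self._consume(ip)          # unlocked, client-controlled key
        else:
            with self.lock:                      # atomic check-and-increment
                allowed = self._consume("code")
        if not allowed:
            return "blocked"
        return "ok" if secrets.compare_digest(guess, self.code) else "wrong"

def evaluated_guesses(scope, n_ips=50, per_ip=20):
    """Send concurrent guesses from n_ips constructed addresses and
    return how many were actually compared against the code."""
    ch = ResetChallenge(scope)
    jobs = [(f"198.51.100.{i}", f"{i * per_ip + j:06d}")
            for i in range(n_ips) for j in range(per_ip)]
    with ThreadPoolExecutor(max_workers=32) as pool:
        results = list(pool.map(lambda job: ch.verify(*job), jobs))
    return sum(r != "blocked" for r in results)

if __name__ == "__main__":
    print("per-IP budget:  ", evaluated_guesses("ip"), "guesses compared")
    print("per-code budget:", evaluated_guesses("code"), "guesses compared")
```

With the per-code budget, the number of guesses compared stays at MAX_ATTEMPTS however many addresses or parallel requests are used, so the chance of hitting a six-digit code is bounded by MAX_ATTEMPTS in 1,000,000.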


Julio Rivera

Julio Rivera is a small business consultant, political activist, writer and Editorial Director for Reactionary Times.  His writing, which is concentrated on politics and cybersecurity, has also been published by websites including Newsmax, The Hill, The Washington Times, LifeZette, The Washington Examiner, American Thinker, The Toronto Sun, PJ Media and many others.
