Chennai Researcher Wins $10,000 For Finding Vulnerability In Instagram Again


Last month, it was reported that a Chennai-based researcher named Laxman Muthiyah received a reward of $30,000 (Rs. 21.6 lakhs) from Facebook for spotting a bug in Instagram. Now, on Monday he revealed that he has discovered a new vulnerability which will make it easier for hackers to get access of anyone's account. This time he won $10,000 which is approx Rs. 7.2 lakhs as a part of a bug bounty program.

Chennai Researcher Wins $10,000 For Finding Vulnerability In Instagram


Back in July, Muthiyah spotted a similar bug which allows anyone to get access to any Instagram account without any permission. However, no need to worry because Facebook developers have taken care of the bug and the image and video sharing app is now safe to use.

"Facebook and Instagram security team fixed the issue and rewarded me $10000 as a part of their bounty programme," Muthiyah said in a blog post.

In his research, Muthiyah found that the unique identifier used by the social media server to validate password reset codes, can also be used for requesting multiple passcodes for different users.

"You identified insufficient protections on a recovery endpoint, allowing an attacker to generate numerous valid nonces to ten attempt recovery," Facebook said in a letter to Muthiyah.

Last month, Muthiyah spotted a bug which allows hacked to get access to any Instagram account by triggering a password reset.

"I reported the vulnerability to the Facebook security team and they were unable to reproduce it initially due to lack of information in my report. After a few email and proof of concept video, I could convince them the attack is feasible," Muthiyah wrote in a blog post.

Under the bug bounty program Muthiyah has already won around Rs. 28.8 lakhs. Let's see what else he is going to discover next and how much will he earn from the bug bounty program.

Most Read Articles
Best Mobiles in India

Best Phones

Get Instant News Updates
Notification Settings X
Time Settings
Clear Notification X
Do you want to clear all the notifications from your inbox?
Yes No
Settings X
We use cookies to ensure that we give you the best experience on our website. This includes cookies from third party social media websites and ad networks. Such third party cookies may track your use on Gizbot sites for better rendering. Our partners use cookies to ensure we show you advertising that is relevant to you. If you continue without changing your settings, we'll assume that you are happy to receive all cookies on Gizbot website. However, you can change your cookie settings at any time. Learn more