Chennai techie wins $10,000 for find flaw in Instagram

Barely a month after winning $30,000 from Facebook for spotting a flaw in Instagram. Chennai based security researcher Laxman Muthiyah on Monday said he again discovered a new account takeover vulnerability on the photo and video-sharing app.

The researcher asserted that he again discovered a new account takeover vulnerability. And he won $10,000 as part of Facebook’s bug bounty program.

The new vulnerability that Laxman Muthiyah spotted was similar to the one. reported in July and allowed anyone to hack Instagram accounts without consent permission.

Also Read: Google Hangouts Classic version shutdown for G Suite Users Postponed

Laxman Muthiyah told in a blog post, Facebook and Instagram security team fixed the issue and rewarded me $10000 as a part of their bounty program.

Muthiyah found the same device ID- the unique identifier used by The Instagram server to validate password reset codes. It can be used to request multiple passcodes of different users.

He showed that this vulnerability can be exploited to hack Instagram accounts. You identified insufficient protections and a recovery endpoint. And allowing an attacker to generate numerous valid nonces to ten attempt recovery, Facebook said in a letter to Laxman Muthiyah.

Source: Chennai techie wins $10,000 for discovering a flaw in Instagram