Wednesday, September 30, 20:02

White hat hacker showed how Instagram accounts can be hacked

Facebook awarded $10,000 to a researcher and white hat hacker named Laxman Muthiyah for discovering a critical vulnerability that malicious hackers could have used to hack Instagram accounts.

The problem was found in Instagram's mobile password recovery process. When someone wants to reset their password, a six-digit code is sent to the phone.

The social networking platform uses a mechanism to prevent brute-force attacks aimed at obtaining this code.

Muthiyah discovered that Instagram randomly generates an ID for each device, which is included in the password reset request. This ID is also used to check the validity of the code.

The researcher found that Instagram allowed the same device ID to be used for many different user accounts. This can help hackers perform brute-force attacks and obtain the six-digit codes.

“As you can see in my previous post, Device ID is the only identifier used by the Instagram server to validate passwords used to reset the password. When a user requests a password using their mobile device, a device ID is sent along with the request,” the researcher wrote. “The same device ID is used for password verification.”

“Device ID is a random string created by the Instagram application,” he said.

The white hat hacker explained that there are a million combinations for a six-digit code (000001 to 999999). The probability of hacking Instagram accounts increases when password resets are requested for multiple users.

Using the same device ID, the malicious hacker could obtain the six-digit code of thousands of users.
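A defender-side sketch of the check described above, as an added example that is not Instagram's code or its fix: the pending code is stored per account, bound to the device ID that requested it, and failed attempts are counted per account so that changing or reusing device IDs does not reset the limit. The class name, the attempt cap and the code lifetime are assumptions chosen for illustration.

```python
import hmac
import secrets
import time

MAX_ATTEMPTS = 5        # assumed per-account cap, not an Instagram value
CODE_TTL_SECONDS = 600  # assumed code lifetime, not an Instagram value


def _same(a, b):
    # Constant-time comparison of two strings.
    return hmac.compare_digest(a.encode(), b.encode())


class ResetCodeStore:
    """Pending reset codes keyed by account, never by device ID alone."""

    def __init__(self, clock=time.time):
        self._clock = clock
        self._pending = {}  # account -> [code, device_id, expires_at, failed]

    def issue(self, account, device_id):
        code = f"{secrets.randbelow(10**6):06d}"
        expires_at = self._clock() + CODE_TTL_SECONDS
        self._pending[account] = [code, device_id, expires_at, 0]
        return code  # a real service sends this out of band (SMS)

    def verify(self, account, device_id, submitted):
        entry = self._pending.get(account)
        if entry is None:
            return "no_pending_reset"
        code, bound_device, expires_at, failed = entry
        if self._clock() > expires_at:
            del self._pending[account]
            return "expired"
        if failed >= MAX_ATTEMPTS:
            return "locked"  # stays locked until a new code is issued
        device_ok = _same(device_id, bound_device)
        code_ok = _same(submitted, code)
        if device_ok and code_ok:
            del self._pending[account]  # one-time use
            return "ok"
        entry[3] += 1  # counted per account, whatever device ID was sent
        return "rejected"
```
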

Facebook awarded Muthiyah $10,000 for his findings.

It's not the first time Muthiyah has revealed a flaw in Instagram. In July, the researcher had discovered a vulnerability that allowed attackers to gain control of any account.

For that finding, Muthiyah had received a $30,000 reward from Facebook under its bug bounty program.

In the past, the same researcher had received other rewards from the platform for bugs that could delete users' videos and photos.



Absent Mia

