Belgian security expert, Arne Swinnen, discovered the issues while reactivating one of his older Instagram accounts. According to Swinnen, the bug affected only locked Instagram accounts.
The expert first discovered that Facebook printed sensitive Instagram user details on the Web page, along with operations that could have allowed a hacker to reset emails attached to an account and later reset the accounts password. After that, he also noticed that Facebook printed each users ID in the pages URL and allowing them to edit it. By doing so, users were able to access a similar page for other accounts without any type of authentication. Since Instagram uses incremental IDs, a hacker only needed to grow the number by one.
Facebook took care of this issue and awarded Arne Swinnen with USD 5,000 for his expertise.
Every day we send out a free e-mail with the most important headlines of the last 24 hours.
Subscribe now