Brother
Security researcher Laxman Muthiyah discovered a new vulnerability in the Instagram photo and video sharing app that could be used to take over someone else's account.
In July of this year, Muthiyah reported a similar problem, which made it possible to hack any account in 10 minutes. Exploiting the vulnerability allowed resetting the password for any Instagram account and gaining full control over it. The researcher received $30 thousand for the bug report under the bug bounty program.
As in the previous case, the new vulnerability allows any Instagram account to be hacked. Muthiyah figured out that the same device ID (a unique identifier used by Instagram's servers to verify password reset codes) can be used to request multiple codes for different users, thus allowing accounts on the service to be hacked.
“There are 1 million probabilities for a six-digit password (000001 to 999999). When prompting for passwords of multiple users, the possibility of hacking accounts increases. For example, if you ask for passwords for 100,000 users using the same device ID, the success rate is 10%. If we ask for passwords for 1 million users, we can easily hack 1 million accounts,” explained Muthiyah.
The researcher reported his find to the security teams of Instagram and Facebook. This time, he received $10,000 for information about the vulnerability.
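
A defender-side detection for the pattern described above, as an added example that is not part of the original post: it flags device IDs that request reset codes for many distinct accounts within a short window and reports how much of the six-digit code space that device then covers. The log format, the 10-minute window, the threshold of 3 and all sample entries are assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

CODE_SPACE = 1_000_000           # six-digit codes, as stated in the article
WINDOW = timedelta(minutes=10)   # assumption: how long a reset code stays valid
LIMIT = 3                        # assumption: max distinct accounts per device ID

# Constructed sample log (hypothetical format): timestamp device_id account
SAMPLE_LOG = """\
2024-01-01T10:00:00 dev-A user01
2024-01-01T10:01:00 dev-A user02
2024-01-01T10:02:00 dev-A user03
2024-01-01T10:03:00 dev-A user04
2024-01-01T10:04:00 dev-A user05
2024-01-01T10:00:30 dev-B user06
2024-01-01T10:05:30 dev-B user06
2024-01-01T10:00:00 dev-C user07
2024-01-01T10:20:00 dev-C user08
2024-01-01T10:40:00 dev-C user09
2024-01-01T11:00:00 dev-C user10
"""

def coverage(outstanding_codes):
    """Share of the code space covered when one device ID holds this many
    distinct valid codes (the model used in the quote above)."""
    return min(outstanding_codes, CODE_SPACE) / CODE_SPACE

def parse(log):
    for line in log.splitlines():
        if line.strip():
            ts, device, account = line.split()
            yield datetime.fromisoformat(ts), device, account

def flag_devices(log, window=WINDOW, limit=LIMIT):
    """Return {device_id: peak distinct accounts in any window} above limit."""
    events = defaultdict(list)
    for ts, device, account in parse(log):
        events[device].append((ts, account))
    flagged = {}
    for device, rows in events.items():
        rows.sort()
        start = peak = 0
        for end, (ts, _) in enumerate(rows):
            while ts - rows[start][0] > window:   # slide the window forward
                start += 1
            peak = max(peak, len({a for _, a in rows[start:end + 1]}))
        if peak > limit:
            flagged[device] = peak
    return flagged

if __name__ == "__main__":
    for device, peak in flag_devices(SAMPLE_LOG).items():
        print(device, peak, f"coverage={coverage(peak):.6%}")
```

Only `dev-A` is flagged in the sample: `dev-B` repeats a single account and `dev-C` spreads its requests beyond the window, so neither accumulates simultaneously valid codes for many users.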