A glitch/bug recently exposed the personal details of Instagram users. The bug appeared while Facebook was running a test. The details leaked were the email IDs and birthdays of the users.
This is a serious security breach.
Saugat Pokharel, an experienced bug hunter from Nepal, discovered the bug and reported it to Facebook. According to the company, necessary actions have been taken.
The attack used Facebook’s Business Suite tool, available to any Facebook business account. Pokharel found that the attack worked on accounts that were set to private and did not accept DMs from the public.
According to the report by Saugat, “If an account did not accept DMs, the user potentially would not receive any notification indicating their profile may have been viewed.”
He also mentioned that the bug appeared due to an experimental feature that Facebook was testing back in October. Some professional accounts had access to the experimental feature under test and were able to use it.
In August this year, Pokharel found that Instagram doesn’t delete photos and videos that users delete. He found that information deleted by users was never really deleted from the servers. When Pokharel requested a copy of photos and direct messages, he received data he had deleted over a year ago. Pokharel received $6,000 for raising the issue. The issue was immediately fixed by Instagram.
On the recent glitch report, the company said, “This issue was resolved quickly, and we discovered no evidence of abuse. Through our Bug Bounty Program we rewarded this researcher for his help in reporting this issue to us.”