- Instagram rewarded an Indian developer $30,000 (approximately Rs 21,99,699) for detecting a dangerous bug.
- Indian researcher Laxman Muttiah received $50,000.
- The attacker was able to gather details about specific media and subsequent filters.
Indian developer has been rewarded $30,000
An Indian developer has been rewarded $30,000 (approximately Rs 21,99,699) by Instagram for flagging a bug. According to the report, the bug could allow anyone to view archived posts, stories, reels, and IGTV without following a user, even when the profile is private.
Re-generate valid CDN URLs of archived stories
Indian developer Mayur Fartade described the issue in a post on Medium. He added that the bug could allow a potential attacker to “re-generate valid CDN URLs of archived stories and posts. In addition, based on the media ID, the attacker was able to gather details about specific media and subsequent filters.” Saksham was private and archived.” He also said that the entire timeline from raising the issue to fixing it was about two months.
This bug could have been dangerous
The bug may not seem dangerous at first, as it required attackers to know the media ID associated with an image, video, or album, which meant brute-forcing identifiers. However, Fartade showed that it was possible to prepare a POST request to a GraphQL endpoint and retrieve sensitive data.
Facebook also impressed
Facebook then responded by saying that they uncovered a scenario that could allow a malicious user to view targeted media on Instagram.
In March, Indian researcher Laxman Muttiah received a $50,000 (approximately Rs 36,66,165) award from Microsoft under the company’s bug bounty program.
Microsoft honored the Indian researcher for spotting a loophole that could be used to hijack a Microsoft account. He had previously found an Instagram rate-limiting bug that could have helped hijack someone’s account. He then checked for the same flaw in Microsoft accounts.
Microsoft issued a $50,000 award
According to Muttiah, the loophole “could have allowed anyone to take over any Microsoft account without consent [or] permission.” Microsoft issued a $50,000 award through the HackerOne bug bounty platform.
Instagram (commonly abbreviated to IG, Insta, or the gram) is an American photo and video-sharing social networking service created by Kevin Systrom and Mike Krieger. In April 2012, Facebook acquired the service for approximately US$1 billion in cash and stock. The app allows users to upload media that can be edited with filters and organized by hashtags and geographical tagging.