Instagram security threat


Did you know that a researcher received a reward after discovering a security issue that could have exposed Instagram accounts to hacking?

This particular researcher received a $300,000 reward, which is not surprising since he solved a potentially large problem for many users.

After the recent increases in the rewards offered for finding vulnerabilities in Instagram and Facebook, Laxman Muthiyah decided to examine the photo-sharing service in more detail.

Laxman decided to investigate whether there was a problem with the user's password reset request.

He found that users request a password reset through the Instagram interface, after which the password should be sent to the user's email address.

He also noted that Instagram offers users the option to have a six-digit security code for their account sent to their email address or mobile number.

Once the code is entered, the user can log in to their Instagram account.

But if a hacker could enter that same code, he could get into the account as well.

It is thought that the code could be stolen if the hacker managed to gain access to the e-mail account.

Muthiyah also wondered whether there was another way of breaking into the account. He realized that all a hacker needed to do was enter the right six-digit code, somewhere between 000000 and 999999.

That means up to one million codes to enter within ten minutes in order to change the account password.

After several tests, the researcher found that the rate-limiting mechanism could be bypassed by rotating the IP address.

During the test, he used 1000 different IPs and machines and sent 200,000 requests.

The conclusion is that such an attack would require about 5,000 IP addresses. That many addresses would cost about $150.
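
As an added example (not code from Instagram or the researcher), the sketch below shows the defensive counterpart to the bypass described above: failed guesses are counted per account rather than per source IP, and the code is burned after a few misses. The class name, the five-attempt cap and the sample IP addresses are assumptions made for illustration; the ten-minute window comes from the text.

```python
import hmac
import secrets
import time

MAX_ATTEMPTS = 5   # assumed cap on wrong guesses per issued code
CODE_TTL = 600     # ten-minute validity window, as described in the text


class ResetCodeStore:
    """Counts failed guesses per account, so rotating source IPs gains nothing."""

    def __init__(self, clock=time.monotonic):
        self._clock = clock
        self._pending = {}  # account -> [code, expires_at, failed_attempts]

    def issue(self, account):
        code = f"{secrets.randbelow(10**6):06d}"
        self._pending[account] = [code, self._clock() + CODE_TTL, 0]
        return code  # a real system delivers this by email or SMS only

    def verify(self, account, guess, source_ip):
        # source_ip is kept for logging; it is deliberately NOT the limiter key.
        entry = self._pending.get(account)
        if entry is None:
            return "no_code"
        code, expires_at, failed = entry
        if self._clock() >= expires_at:
            del self._pending[account]
            return "expired"
        if hmac.compare_digest(code.encode(), guess.encode()):
            del self._pending[account]  # single use
            return "ok"
        entry[2] = failed + 1
        if entry[2] >= MAX_ATTEMPTS:
            del self._pending[account]  # burn the code; a new one must be requested
            return "locked"
        return "wrong"


def simulate_rotating_guesses(store, account, real_code, n_ips):
    """Constructed test traffic: every wrong guess arrives from a different IP."""
    results = []
    for i in range(n_ips):
        wrong = f"{(int(real_code) + 1 + i) % 10**6:06d}"
        ip = f"198.51.100.{i % 250 + 1}"  # documentation-range addresses
        results.append(store.verify(account, wrong, ip))
    return results
```

With the counter tied to the account, the fifth wrong guess invalidates the code no matter how many addresses the requests come from, so the one-million-code search space is never reachable within the validity window.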

Finally, all users are advised to use passwords that are difficult to guess and to enable two-factor authentication.