Indian Bug Hunter Won Rs 20 Lakh After Discovering Instagram Flaw

Laxman Muthiyah, a security researcher from Chennai has won $30,000 which is equivalent to Rs 20 Lakh from a bug bounty program following his discovery of a flaw in the Instagram app. According to Muthiyah, with the vulnerability that he found, he could “hack any Instagram account without consent permission."

By prompting a password reset then requesting for a recovery code, it was possible to hack into someone’s Instagram account and take over. The hacking could also be done by trying out every possible recovery code.

In a blog post, Muthiyah wrote:

He added that the issue was later fixed by the security teams from Facebook and Instagram and he received $30,000 for his finding.

Senior technologist Paul Ducklin from Sophos-a cybersecurity major warned that although the security teams got rid of the vulnerability, users should familiarize themselves with how to take back their social media accounts if they get hacked.

He said:

Earlier, Muthiyah detected on Facebook a flaw in data deletion as well as a data disclosure bug. With the first bug, all your photos could be wiped out without needing your password while the second could go through all the pictures on your Facebook without account access permission once you install a seemingly-harmless mobile app.

Ducklin said:

Thanks to the discovery of Muthiyah, Facebook could fix the issues before the bugs could become public before other people could find them.