CyberNews Briefs

Instagram Account Takeover Vulnerability Earns Hacker $30,000

Facebook recently paid $30,000 to a security researcher who found a critical flaw that could have enabled threat actors to hack Instagram accounts by taking advantage of the app’s password recovery mechanism for mobile devices.

Instagram forces users requesting a password change to enter a six-digit code within 10 minutes of receiving the code on their mobile phone. In order to prevent brute-force attacks aimed at cracking the six-digit code, Instagram used a form of rate-limiting. However, this mechanism was flawed and could be bypassed, the researcher found. As a result, any threat actor willing to spend around $150 in order to obtain 5,000 IPs from “a cloud service provider like Amazon or Google” would have been able to try all of the one million possible six-digit codes for any Instagram account.
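The weakness described above is a rate limit keyed on the wrong thing: if attempts are counted per source IP, spreading one million guesses across thousands of addresses keeps every address under its quota. The following is an added example (not Facebook's or Instagram's code) that contrasts an IP-only throttle with one keyed on the account and its outstanding code, and enforces the 10-minute expiry the article mentions. The six-digit, one-million-codes and 10-minute figures come from the article; the attempt caps, the `198.51.100.x` addresses and all class and function names are assumptions made for the illustration.

```python
import secrets
import time
from collections import defaultdict

CODE_TTL_SECONDS = 10 * 60      # 10-minute validity window, as in the article
MAX_ATTEMPTS_PER_CODE = 5       # assumed per-account cap (not a value from the article)
MAX_ATTEMPTS_PER_IP = 200       # assumed per-IP cap used by the weak limiter


class IpOnlyLimiter:
    """Weak design (assumed for illustration): counts attempts per source IP only."""

    def __init__(self):
        self.per_ip = defaultdict(int)

    def allow(self, account, ip):
        self.per_ip[ip] += 1
        return self.per_ip[ip] <= MAX_ATTEMPTS_PER_IP

    def reset(self, account):
        pass  # nothing is keyed on the account, so there is nothing to reset


class PerAccountLimiter:
    """Counts attempts against the account whose code is being guessed, whatever the IP."""

    def __init__(self):
        self.per_account = defaultdict(int)

    def allow(self, account, ip):
        self.per_account[account] += 1
        return self.per_account[account] <= MAX_ATTEMPTS_PER_CODE

    def reset(self, account):
        self.per_account.pop(account, None)


class RecoveryCodeService:
    """Issues six-digit recovery codes and verifies them with expiry and a limiter."""

    def __init__(self, limiter, clock=time.time):
        self.limiter = limiter
        self.clock = clock
        self.codes = {}  # account -> (code, issued_at)

    def issue_code(self, account):
        code = f"{secrets.randbelow(1_000_000):06d}"  # one of 1,000,000 possible codes
        self.codes[account] = (code, self.clock())
        self.limiter.reset(account)  # a fresh code gets a fresh attempt budget
        return code

    def verify(self, account, candidate, ip):
        """Returns one of: 'no_code', 'expired', 'throttled', 'wrong', 'ok'."""
        entry = self.codes.get(account)
        if entry is None:
            return "no_code"
        code, issued_at = entry
        if self.clock() - issued_at > CODE_TTL_SECONDS:
            del self.codes[account]
            return "expired"
        if not self.limiter.allow(account, ip):
            del self.codes[account]  # burn the code once the cap is hit
            return "throttled"
        if secrets.compare_digest(code, candidate):
            del self.codes[account]  # single use
            return "ok"
        return "wrong"


def simulate_distributed_guessing(limiter, ip_pool_size, max_guesses):
    """Constructed scenario: wrong guesses rotated over a pool of IPs against one account.
    Returns how many guesses the service actually evaluated before refusing."""
    svc = RecoveryCodeService(limiter)
    real = svc.issue_code("victim")
    wrong = "000000" if real != "000000" else "000001"  # guaranteed-wrong guess
    evaluated = 0
    for i in range(max_guesses):
        ip = f"198.51.100.{i % ip_pool_size}"  # constructed documentation-range addresses
        status = svc.verify("victim", wrong, ip)
        if status in ("throttled", "no_code"):
            break
        evaluated += 1
    return evaluated


if __name__ == "__main__":
    print("IP-only limiter evaluated:", simulate_distributed_guessing(IpOnlyLimiter(), 100, 1000))
    print("Per-account limiter evaluated:", simulate_distributed_guessing(PerAccountLimiter(), 100, 1000))
```

With the IP-only limiter, 1,000 guesses spread over 100 addresses stay under the per-IP quota and every one is evaluated; the per-account limiter stops after `MAX_ATTEMPTS_PER_CODE` regardless of how many addresses are used, and burning the code on the cap forces the attacker back to the victim's phone for a new one. Counting per account (and per code) is the property the article's bypass shows was missing.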

OODA Analyst

OODA comprises a unique team of international experts capable of providing advanced intelligence and analysis, strategy and planning support, risk and threat management, training, decision support, crisis response, and security services to global corporations and governments.